CVE-2015-2848 in Honeywell Tuxedo Touchinfo

Summary

Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Reservation

04/03/2015

Disclosure

07/26/2015

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
76809	Honeywell Tuxedo Touch Home-Automation cross-site request forgery	352	Not defined	Official fix	CVE-2015-2848

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!