CVE-2019-25708 in Wifi Thermostatinformation

Résumé

par MITRE • 12/04/2026

Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

VulnCheck

Réserver

12/04/2026

Divulgation

12/04/2026

Modérer

accepté

Entrée

VDB-357022

CPE

prêt

Exploitation

Télécharger

EPSS

0.00129

KEV

non

Activités

très faible

Sources

Do you know our Splunk app?

Download it now for free!