CVE-2018-25396

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.

256

Plaintext Storage of a Password

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.exploit-db.com/exploits/45623

https://www.vulncheck.com/advisories/heatmiser-wifi-thermos…

https://www.vulncheck.com/advisories/heatmiser-wifi-thermostat-credential-discl…

CVE-2018-25396

Description

Plaintext Storage of a Password

Common Consequences

Applicable Platforms

Iscriviti alla newsletter