PT-2018-18899 · Contec · Contec Smart Home
Published: 2018-03-31 · Updated: 2018-05-15 · CVE-2018-9162
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Contec Smart Home version 4.15
Description
The issue allows unauthorized access to certain PHP files, including new user.php, edit user.php, delete user.php, and user.php, without requiring authentication. This can be exploited to change the admin password, potentially leading to control over doors.
Recommendations
For Contec Smart Home version 4.15, consider restricting access to the vulnerable PHP files, such as new user.php, edit user.php, delete user.php, and user.php, until a patch is available. As a temporary workaround, limit the functionality of these files to prevent unauthorized changes, such as modifying the admin password.
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Contec Smart Home