PT-2018-10475 · Radio Thermostat · Radio Thermostat Ct50+1

Brannon Dorsey

+1

·

Published

2018-05-20

·

Updated

2018-07-04

·

CVE-2018-11315

CVSS v3.1

6.5

Medium

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Radio Thermostat CT50 and CT80 versions 1.04.84 and below
Description The issue allows unauthorized access to the Local HTTP API via a DNS rebinding attack, potentially enabling remote control of device temperature. This could be exploited to alter a home's target temperature, as demonstrated by sending a t heat request to a device.
Recommendations For Radio Thermostat CT50 and CT80 versions 1.04.84 and below, consider restricting access to the Local HTTP API to minimize the risk of exploitation. Avoid using the tstat API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-11315

Affected Products

Radio Thermostat Ct50
Radio Thermostat Ct80