PT-2019-14042 · Lierda+1 · Lierda Grill Temperature Monitor+1

Tim Tepatti · Published 2019-08-26 · Updated 2020-09-24 · CVE-2019-15304

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Lierda Grill Temperature Monitor version V1.00 50006
ProGrade Grill Temperature Monitor (affected versions not specified)

Description

The issue concerns a default password set to admin for the admin account, allowing potential Denial of Service or Information Disclosure attacks via an undocumented access-point configuration page on the device. The accompanying wifi thermometer app requires excessive permissions, including Fine GPS location, camera, app lists, Serial number, and IMEI. Additionally, the app connects to several China-based URLs, including Alibaba cloud computing. There is also a "backdoor" login access for admin purposes.

Recommendations

For Lierda Grill Temperature Monitor version V1.00 50006, consider changing the default admin password to a strong, unique password to prevent unauthorized access. For ProGrade Grill Temperature Monitor, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2019-15304

Affected Products

Lierda Grill Temperature Monitor
Prograde Grill Temperature Monitor