PT-2026-44874 · Undefined · Undefined

Published

2026-05-29

Updated

2026-05-29

CVE-2018-25396

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256

Related Identifiers

CVE-2018-25396

Affected Products

Undefined

PT-2026-44874 · Undefined · Undefined

CVE-2018-25396

Weakness Enumeration

Related Identifiers

Affected Products

References · 3