MidnightBSD

Advisories for contec-touch

CVE-2018-9162 HIGH

Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
contec-touch smart_home_firmware 4.15