CVE-2018-25396 | THREATINT

Description

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.

PUBLISHED Reserved 2026-05-29 | Published 2026-05-29 | Updated 2026-05-29 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Plaintext Storage of a Password

Product status

1.7

affected

Credits

d0wnp0ur finder

References

www.exploit-db.com/exploits/45623 (ExploitDB-45623) exploit

www.vulncheck.com/...dential-disclosure-via-networksetup-htm (VulnCheck Advisory: Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm) third-party-advisory

cve.org (CVE-2018-25396)

nvd.nist.gov (CVE-2018-25396)

Download JSON