CVE-2018-9162

CVE Database · CVE-2018-9162

CVE-2018-9162

· N/AModified

CVSS v3.1

N/A

EPSS

2.36%

Published

Mar 31, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.

Weaknesses (CWE)

CWE-306

Affected Products (2)

contec-touch · smart_home_firmwarevulnerable

contec-touch · smart_home

References (2)

https://www.exploit-db.com/exploits/44295/

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44295/

ExploitThird Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs