The embedded web server on the thermostat listed version ranges contain a vulnerability that

链接： https://github.com/advisories/GHSA-wj97-j26v-v8wp

CVSS 评分： 9.8

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-6260
https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02
https://github.com/advisories/GHSA-wj97-j26v-v8wp

描述：

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat’s embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.

安全公告

#Github Advisory

The embedded web server on the thermostat listed version ranges contain a vulnerability that

http://example.com/2025/07/24/github_4096841046/

作者

lianccc

发布于

2025年7月24日

许可协议

FortiClient Windows Coerced Authentication Vulnerability 上一篇

CVE-2025-6018 Poc and Exploit 下一篇