Skip to main content

Ct50 Firmware

2 CVEs product

Monthly

CVE-2018-11315 MEDIUM POC This Month

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Ct50 Firmware Ct80 Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2013-4860 HIGH This Week

Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ct50 Firmware Ct50 Ct80 Firmware Ct80
NVD
CVSS 2.0
8.3
EPSS
0.4%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Ct50 Firmware +1
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ct50 Firmware Ct50 +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy