Overview
- Description
- The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:radiothermostat:ct50_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAAD4A16-DF2A-4B01-93B8-D293E9B3018E",
"versionEndIncluding": "1.04.84"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:radiothermostat:ct50:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "13E0CACE-02E9-4250-AF18-C841F6859D49"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:radiothermostat:ct80_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2AF5DA3-5A66-465A-BC2D-ADF99AF4FEF1",
"versionEndIncluding": "1.04.84"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:radiothermostat:ct80:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1837925F-485B-49DF-9C29-094C8721D5AC"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]