CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Miele 1Xgw 3000 Zigbee Gateway Firmware Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. |
1Miele 1Xgw 3000 Zigbee Gateway Firmware Nov 21, 2024 Feb 24, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection. |