Miele: >> Xgw 3000 Zigbee Gateway Firmware Security Vulnerabilities
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
CVSS Score
4.6
EPSS Score
0.003
Published
2020-02-24
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
CVSS Score
4.6
EPSS Score
0.003
Published
2020-02-24