Vulnerabilities > Contec Touch > Smart Home Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-03-31 CVE-2018-9162 Missing Authentication for Critical Function vulnerability in Contec-Touch Smart Home Firmware 4.15
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.
network
low complexity
contec-touch CWE-306
7.5