Vulnerabilities > Miele > XGW 3000 Zigbee Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-20481 | Improper Authentication vulnerability in Miele XGW 3000 Zigbee Gateway Firmware In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. | 5.0 |
| 2020-02-24 | CVE-2019-20480 | Cross-Site Request Forgery (CSRF) vulnerability in Miele XGW 3000 Zigbee Gateway Firmware In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection. | 6.8 |