Filtered by vendor Miele
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3589 | 1 Miele | 1 Appwash | 2024-11-21 | 8.1 High |
| An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users data by modifying a small part of a HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability. | ||||
| CVE-2022-22521 | 1 Miele | 1 Benchmark Programming Tool | 2024-11-21 | 7.3 High |
| In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin. | ||||
| CVE-2019-20481 | 1 Miele | 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware | 2024-11-21 | 9.8 Critical |
| In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. | ||||
| CVE-2019-20480 | 1 Miele | 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware | 2024-11-21 | 8.8 High |
| In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection. | ||||
Page 1 of 1.