Description
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.
Published: 2026-04-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Admin Credential Modification
Action: Patch
AI Analysis

Impact

Heatmiser Wifi Thermostat firmware 1.7 contains a cross‑site request forgery flaw that permits an attacker to change the administrator username and password. By crafting an HTML form that posts to the networkSetup.htm endpoint with the usnm, usps, and cfps parameters, an authenticated user can be tricked into submitting the form and thereby alter the device’s credentials. The compromise grants the attacker full control of the thermostat and the ability to manipulate its settings and data.

Affected Systems

The vulnerability affects Heatmiser Wi‑Fi Thermostat devices running firmware version 1.7. No other product or version numbers are listed, so any device with that firmware is potentially impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity; the flaw requires an authenticated user to load a malicious page, suggesting the attack vector is remote via the web interface. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, which implies a limited but non‑negligible risk. Without a patch, the issue remains exploitable as long as the affected firmware remains in use, and an attacker who succeeds can maintain persistent control over the thermostat.

Generated by OpenCVE AI on April 12, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Heatmiser product website or support portal for a firmware update that addresses the CSRF issue.
  • If an update is available, install the latest firmware to remove the vulnerability.
  • If no update exists, change the administrator username and password to strong, unique values immediately.
  • Restrict access to the thermostat’s web administration interface by limiting it to trusted local or internal IP addresses or by using a firewall rule.

Generated by OpenCVE AI on April 12, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Heatmiser wifi Thermostat
CPEs cpe:2.3:a:heatmiser:wifi_thermostat:1.7:*:*:*:*:*:*:*
Vendors & Products Heatmiser wifi Thermostat

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Heatmiser
Heatmiser heatmiser Wifi Thermostat
Vendors & Products Heatmiser
Heatmiser heatmiser Wifi Thermostat

Sun, 12 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.
Title Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}

Subscriptions

Heatmiser Heatmiser Wifi Thermostat Wifi Thermostat
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T18:06:18.134Z

Reserved: 2026-04-12T12:14:01.046Z

Link: CVE-2019-25708

cve-icon Vulnrichment

Updated: 2026-04-13T17:58:07.165Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T13:16:33.793

Modified: 2026-04-17T19:17:54.973

Link: CVE-2019-25708

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:55:49Z

Weaknesses