Vulnerability Details CVE-2018-9162
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2018-9162
-
cpe:2.3:h:contec-touch:smart_home:-
-
cpe:2.3:o:contec-touch:smart_home_firmware:4.15