CVE-2025-6260
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-07-24 21:15:52
Güncelleme
2025-07-25 15:29:19
Source Identifier
ics-cert@hq.dhs.gov
KEV Date Added
-