CVE-2019-25708
CSRF in Heatmiser Wifi Thermostat 1.7 Allows Admin Credential Changes
Publication date: 2026-04-12
Last updated on: 2026-04-17
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| heatmiser | wifi_thermostat | 1.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25708 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Heatmiser Wifi Thermostat version 1.7. It allows attackers to change the administrator credentials by tricking authenticated users into submitting malicious requests.
Attackers can craft HTML forms targeting the "networkSetup.htm" endpoint with parameters for username (usnm), password (usps), and confirmation password (cfps) to modify the admin username and password without the user's consent.
The attack requires that the victim be authenticated to the thermostat's web interface; beyond the victim's browser submitting the forged request (for example by loading a page that carries the crafted form), no further user interaction is needed.
How can this vulnerability impact me?
This vulnerability can allow an attacker to remotely change the administrator username and password of the Heatmiser Wifi Thermostat without authorization.
By gaining unauthorized control over the device's administrative settings, an attacker could potentially lock out legitimate users or manipulate thermostat settings, which could affect the security and operation of the device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of Heatmiser Wifi Thermostat version 1.7 devices on your network, especially those exposing the web interface on port 8083.
You can use search engine queries (Google dorks) such as intitle:"Heatmiser Wifi Thermostat" to find exposed devices.
Internet-wide search engines such as Shodan can also be used to discover exposed devices.
To verify if the device is vulnerable, you can attempt to access the /networkSetup.htm endpoint and check if it accepts POST requests with parameters usnm, usps, and cfps to change administrator credentials.
- Example command to scan for devices on your network using nmap: nmap -p 8083 --open -sV <target-ip-range>
- Use curl to test the endpoint (replace <ip> and the parameters accordingly): curl -X POST http://<ip>:8083/networkSetup.htm -d "usnm=test&usps=testpass&cfps=testpass". Note that a device which accepts this request will actually change its administrator credentials to the test values, so be prepared to reset them afterwards.
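A defender-side check for the request pattern described above, added here as an example (it is not code from the page, the assigner or the vendor): given raw HTTP requests to the thermostat captured by a network tap, proxy or IDS (the device itself is not assumed to keep logs), it flags POSTs to /networkSetup.htm that carry the usnm/usps/cfps parameters and whose Origin or Referer does not point back at the device. The device address 192.0.2.10 and the sample requests are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Parameters CVE-2019-25708 abuses on the credential-change endpoint.
CRED_PARAMS = {"usnm", "usps", "cfps"}
TARGET_PATH = "/networkSetup.htm"

def parse_request(raw):
    """Split a raw HTTP/1.x request (from a tap or proxy) into method, path,
    lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": urlsplit(target).path,
            "headers": headers, "body": body}

def source_host(headers):
    """Host the browser says the request came from: Origin first, then Referer."""
    for name in ("origin", "referer"):
        if name in headers:
            return urlsplit(headers[name]).hostname
    return None

def classify(raw, device_hosts):
    """'ignore' for unrelated requests; otherwise 'self' (submitted from the device's
    own UI), 'cross-site' (CSRF pattern) or 'no-origin' (neither header present)."""
    req = parse_request(raw)
    if req["method"] != "POST" or req["path"] != TARGET_PATH:
        return "ignore"
    if not CRED_PARAMS & set(parse_qs(req["body"])):
        return "ignore"
    src = source_host(req["headers"])
    if src is None:
        return "no-origin"
    return "self" if src in device_hosts else "cross-site"

# Constructed sample captures (not real traffic); 192.0.2.10 stands in for the thermostat.
SAMPLES = [
    "POST /networkSetup.htm HTTP/1.1\r\nHost: 192.0.2.10:8083\r\nOrigin: http://192.0.2.10:8083\r\n\r\nusnm=admin&usps=NewPass1&cfps=NewPass1",
    "POST /networkSetup.htm HTTP/1.1\r\nHost: 192.0.2.10:8083\r\nReferer: http://example.net/page.html\r\n\r\nusnm=changed&usps=x&cfps=x",
    "POST /networkSetup.htm HTTP/1.1\r\nHost: 192.0.2.10:8083\r\n\r\nusnm=changed&usps=x&cfps=x",
    "GET /networkSetup.htm HTTP/1.1\r\nHost: 192.0.2.10:8083\r\n\r\n",
]

if __name__ == "__main__":
    print([classify(s, {"192.0.2.10"}) for s in SAMPLES])  # ['self', 'cross-site', 'no-origin', 'ignore']
```

Treat 'no-origin' as a review item rather than a definite alert, since some browsers and privacy settings strip the Referer on legitimate same-site form submissions.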
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict access to the Heatmiser Wifi Thermostat web interface, especially on port 8083, to trusted networks only.
Ensure that users are aware not to visit untrusted websites while authenticated to the thermostat's interface to prevent CSRF attacks.
If possible, disable remote access to the thermostat's web interface or implement network-level protections such as firewalls or VPNs.
Change administrator credentials manually to strong, unique passwords to reduce the risk of unauthorized access.
Monitor for firmware updates or patches from the vendor that address this vulnerability and apply them as soon as they become available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2019-25708 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.