CVE-2019-25708
Received Received - Intake
CSRF in Heatmiser Wifi Thermostat 1.7 Allows Admin Credential Changes

Publication date: 2026-04-12

Last updated on: 2026-04-17

Assigner: VulnCheck

Description
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-12
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-12
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25708
EUVD
EUVD-2019-20139
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
heatmiser wifi_thermostat 1.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25708 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Heatmiser Wifi Thermostat version 1.7. It allows attackers to change the administrator credentials by tricking authenticated users into submitting malicious requests.

Attackers can craft HTML forms targeting the "networkSetup.htm" endpoint with parameters for username (usnm), password (usps), and confirmation password (cfps) to modify the admin username and password without the user's consent.

This attack requires the user to be authenticated and involves no user interaction beyond submitting the malicious request.

Impact Analysis

This vulnerability can allow an attacker to remotely change the administrator username and password of the Heatmiser Wifi Thermostat without authorization.

By gaining unauthorized control over the device’s administrative settings, an attacker could potentially lock out legitimate users or manipulate thermostat settings, which could affect the security and operation of the device.

Detection Guidance

This vulnerability can be detected by identifying the presence of Heatmiser Wifi Thermostat version 1.7 devices on your network, especially those exposing the web interface on port 8083.

You can use search engine queries (Google dorks) such as intitle:"Heatmiser Wifi Thermostat" to find exposed devices.

Network scanning tools like Shodan can also be used to discover these devices.

To verify if the device is vulnerable, you can attempt to access the /networkSetup.htm endpoint and check if it accepts POST requests with parameters usnm, usps, and cfps to change administrator credentials.

  • Example command to scan for devices on your network using nmap: nmap -p 8083 --open -sV <target-ip-range>
  • Use curl to test the endpoint (replace <ip> and parameters accordingly): curl -X POST http://<ip>:8083/networkSetup.htm -d "usnm=test&usps=testpass&cfps=testpass"
Mitigation Strategies

To mitigate this vulnerability, immediately restrict access to the Heatmiser Wifi Thermostat web interface, especially on port 8083, to trusted networks only.

Ensure that users are aware not to visit untrusted websites while authenticated to the thermostat's interface to prevent CSRF attacks.

If possible, disable remote access to the thermostat's web interface or implement network-level protections such as firewalls or VPNs.

Change administrator credentials manually to strong, unique passwords to reduce the risk of unauthorized access.

Monitor for firmware updates or patches from the vendor that address this vulnerability and apply them as soon as they become available.

Compliance Impact

The provided information does not specify how the CVE-2019-25708 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25708. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart