CVE-2025-6260

Description

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostats embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.