2025-07-24 20:53:17
icscert
PUBLISHED
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostats embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.