Unauthenticated Access Control Vulnerability in Contec Smart Home 4.15 Devices

Unauthenticated Access Control Vulnerability in Contec Smart Home 4.15 Devices

CVE-2018-9162 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.

Learn more about our User Device Pen Test.