Unrated severityNVD Advisory· Published Jul 26, 2015· Updated Jun 17, 2026
CVE-2015-2848
CVE-2015-2848
Description
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:o:honeywell:tuxedo_touch:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:honeywell:tuxedo_touch:*:*:*:*:*:*:*:*range: <=5.1.13.0_va
- (no CPE)range: <5.2.19.0_VA
Patches
Vulnerability mechanics
References
1- www.kb.cert.org/vuls/id/857948nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.