VYPR

WiFi Thermostat

by Heatmiser

CVEs (2)

  • CVE-2018-25396HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username…

  • CVE-2019-25708MedApr 12, 2026
    risk 0.28cvss 4.3epss 0.00

    Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint…