VYPR
Vendor

Heatmiser

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2018-25396HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username…

  • CVE-2019-25322HigFeb 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields.

  • CVE-2019-25323MedFeb 12, 2026
    risk 0.40cvss 6.1epss 0.00

    Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute…

  • CVE-2019-25708MedApr 12, 2026
    risk 0.28cvss 4.3epss 0.00

    Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint…