HIGH
Heatmiser
CVE published 2026-05-29
CVE-2018-25396
CVE-2018-25396 documents a credential disclosure vulnerability in Heatmiser Wifi Thermostat firmware version 1.7. The device exposes administrative credentials in plaintext within the HTML source of the networkSetup.htm page, allowing unauthenticated remote attackers to retrieve username and password values by requesting this endpoint. This represents a critical information exposure weakness (CWE-256: Unp [truncated]