Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
An unauthenticated attacker can hijack other users' devices and potentially control them.
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
Unauthenticated attackers can send configuration settings to a device and possibly perform physical actions remotely (e.g., on/off).
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API.
Unauthenticated attackers can retrieve the full list of users associated with arbitrary accounts.
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
Unauthenticated attackers can rename "rooms" of arbitrary users.
Unauthenticated attackers can query an API endpoint and get device details.
An unauthenticated attacker can obtain other users' charger information.
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthe
Unauthenticated attackers can retrieve the serial number of smart meters associated with a specific user account.
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
An unauthenticated attacker can infer the existence of usernames in the system by querying an API.
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
An unauthenticated attacker can obtain a user's plant list by knowing the username.