Unauthenticated attackers can rename "rooms" of arbitrary users.
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
An unauthenticated attacker can infer the existence of usernames in the system by querying an API.
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
Unauthenticated attackers can retrieve the full list of users associated with arbitrary accounts.
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
An unauthenticated attacker can hijack other users' devices and potentially control them.
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API.
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
An unauthenticated attacker can obtain a user's plant list by knowing the username.
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administ
Due to an improper authentication mechanism, an unauthenticated remote attacker can enumerate valid usernames.