The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCarel Pcoweb Card
HWCarelwszystkie wersjeCarel Pcoweb Card Firmware
OSCarelwszystkie wersje
Related vulnerabilities
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 ...
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores clea...
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System ...
Carel Boss Mini 1.5.0 has Improper Access Control.
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...