CVE-2018-25396

HIGH

Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25396. PoCs published by d0wnp0ur.

AI-analyzed exploit summary: This script exploits an information disclosure vulnerability in Heatmiser Wifi Thermostat 1.7 by fetching the 'networkSetup.htm' page, which contains plaintext credentials. It parses the HTML to extract the username and password.

Description

Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and password values from HTML form fields to gain administrative access to the thermostat.

Exploits (1)

exploitdb WORKING POC
by d0wnp0ur · bash · webapps · hardware
https://www.exploit-db.com/exploits/45623


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Heatmiser Wifi Thermostat 1.7
No auth needed
Prerequisites: network access to the thermostat's web interface
devstral-2 · analyzed May 29, 2026

References (2)

Core References
Exploit: ExploitDB-45623
https://www.exploit-db.com/exploits/45623
Third Party Advisory: VulnCheck Advisory: Heatmiser Wifi Thermostat 1.7 Credential Disclosure via networkSetup.htm
https://www.vulncheck.com/advisories/heatmiser-wifi-thermostat-credential-disclosure-via-networksetup-htm

Scores

CVSS v3: 7.5
EPSS: 0.0031
EPSS Percentile: 22.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-256
Status: published
Products (1)
Heatmiser/Heatmiser Wifi Thermostat 1.7
Published: May 29, 2026
Tracked Since: May 29, 2026