CVE-2019-20481

CRITICAL

MIELE XGW 3000 ZigBee Gateway Firmware < 2.4.0 - Improper Authentication in Password Change Function

Description

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.

References (1)

Core References
Third Party Advisory x_refsource_misc
https://cert.vde.com/en-us/advisories/vde-2019-010

Scores

CVSS v3 9.8
EPSS 0.0059
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
miele/xgw_3000_zigbee_gateway_firmware < 2.4.0
Published Feb 24, 2020
Tracked Since Feb 18, 2026