QwikSec

Security Database

CVE

CWE

Training

CVE-2018-11315

Published: May 20, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability

x_refsource_MISC

https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

x_refsource_MISC

https://github.com/brannondorsey/radio-thermostat

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.