Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Miele Subscribe
Filtered by product Xgw 3000 Zigbee Gateway
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20481 1 Miele 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
CVE-2019-20480 1 Miele 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware 2020-02-27 6.8 MEDIUM 8.8 HIGH
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.