What the vulnerability does
01Description
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
CVSS base score
CVSS vector
CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:L/S:U/UI:R
What the vulnerability does
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
Key dates
External resources