By weakness (CWE)
CWE-256: related vulnerabilities
CVEs classified under CWE-256. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2018-25396HIGH 7.5
Heatmiser Wifi Thermostat version 1.7 exposes administrator credentials in plaintext to anyone with network access. An attacker can visit a specific page (networkSetup.htm) without logging in and retrieve the admin username and password directly from the HTML. This is a serious problem because it bypasses all authentication and gives attackers full control of the device.
- CVE-2026-36174MEDIUM 4.6
GNCC GP5 devices running version 7.1.76 transmit sensitive wireless network credentials in readable form to the serial console during normal operation. An attacker with physical access to the device's serial port can intercept these credentials, compromising network security. This is a localized but consequential exposure for organizations operating these devices in shared or less-controlled physical environments.