Total
807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31950 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can obtain EV charger energy consumption information of other users. | |||||
| CVE-2025-31357 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can obtain a user's plant list by knowing the username. | |||||
| CVE-2025-31945 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can obtain other users' charger information. | |||||
| CVE-2025-25276 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can hijack other users' devices and potentially control them. | |||||
| CVE-2025-26857 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers). | |||||
| CVE-2025-30257 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account. | |||||
| CVE-2025-27565 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs. | |||||
| CVE-2025-27927 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API. | |||||
| CVE-2025-27575 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. | |||||
| CVE-2025-31933 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can check the existence of usernames in the system by querying an API. | |||||
| CVE-2025-27561 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can rename "rooms" of arbitrary users. | |||||
| CVE-2025-31147 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. | |||||
| CVE-2025-27719 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can query an API endpoint and get device details. | |||||
| CVE-2025-31949 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An authenticated attacker can obtain any plant name by knowing the plant ID. | |||||
| CVE-2025-27929 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts. | |||||
| CVE-2025-31941 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. | |||||
| CVE-2025-24315 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). | |||||
| CVE-2025-24850 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An attacker can export other users' plant information. | |||||
| CVE-2025-31360 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
| Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users. | |||||
| CVE-2025-31654 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms"). | |||||