Smart-home controllers from German company AGFEO have adopted best practice internet things security by offering an unsecured Web admin interface.
The now-patched attack vectors included unauthenticated access to some services, authentication bypass, cross-site scripting (XSS) vulns, and hard-coded cryptographic keys.
View Full Story
ORIGINAL SOURCE: The Register