Description
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.
References
- Technical Description
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*
EPSS: 0.01868 (Low)
Percentile: 83%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-290
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.