Количество 2
Количество 2
CVE-2021-41104
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`.
GHSA-48mj-p7x2-5jfm
Basic auth bypass in esphome
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-41104 ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`. | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
| GHSA-48mj-p7x2-5jfm Basic auth bypass in esphome | CVSS3: 7.5 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу