53 matches found
CVE-2020-22001
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local loopback IP address value allowing remote control of the smart home solution...
CVE-2020-22001
CVE-2020-22001 affects HomeAutomation 3.3.2. Vulnerability: authentication bypass by spoofing the X-Forwarded-For header to the local loopback IP, enabling remote control of the smart home solution. Documented in multiple sources (Red Hat, NVD, CVE list, Zeroscience) with PoC/advisory details and...
CVE-2020-22000
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
CVE-2020-22000
CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....
CVE-2020-21998
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted o...
CVE-2020-21998
CVE-2020-21998 affects HomeAutomation 3.3.2. The issue is an open redirect due to improper verification of the 'redirect' GET parameter in api.php, allowing an attacker to redirect users to arbitrary external sites. Connected documents corroborate an open-redirect vulnerability with exploit requi...
CVE-2020-21989
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery CSRF. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges i...
CVE-2020-21989
CVE-2020-21989 affects HomeAutomation 3.3.2. The issue is a CSRF flaw in the web interface that allows actions to be performed with administrative privileges if a logged-in user visits a malicious site. Affected component is the HTTP interface; root cause is lack of validity checks on requests. P...
CVE-2020-21987
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting XSS. XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's...
CVE-2020-21987
CVE-2020-21987 affects HomeAutomation v3.3.2. The vulnerability is persistent Cross Site Scripting (XSS) caused by insufficient sanitization of input passed via multiple parameters to several scripts, allowing arbitrary HTML/script execution in a user’s browser session. Multiple connected sources...
PT-2021-10716 · Unknown · Homeautomation
Name of the Vulnerable Software and Affected Versions: HomeAutomation version 3.3.2 Description: The issue allows for an authentication bypass when the X-Forwarded-For header is spoofed with the local IP address, enabling remote control of the smart home solution. Recommendations: For...
Subreddit Home Automation 输入验证错误漏洞
Subreddit Home Automation is an automation device for the Subreddit community. An automated electric light. A security vulnerability exists in HomeAutomation 3.3.2, which stems from the input passed in the redirect GET parameter in the api.php script not being properly validated before it is used...
PT-2021-10713
Name of the Vulnerable Software and Affected Versions HomeAutomation version 3.3.2 Description The issue arises from improper verification of input passed via the redirect GET parameter in the "api.php" script. This can be exploited to redirect a user to an arbitrary website, for example, when a...
HomeAutomation Remote Code Execution
A remote code execution vulnerability exists in HomeAutomation. Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code on the affected system...
HomeAutomation 3.3.2 Cross Site Scripting
HomeAutomation v3.3.2 Stored and Reflected XSS Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick,...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos...
HomeAutomation 3.3.2 CSRF / Code Execution
HomeAutomation v3.3.2 CSRF Remote Command Execution PHP Reverse Shell PoC Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use...
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Exploit: HomeAutomation 3.3.2 - Cross-Site Request Forgery Add Admin Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on:...
HomeAutomation 3.3.2 Authentication Bypass
HomeAutomation v3.3.2 Authentication Bypass Exploit Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus...
HomeAutomation 3.3.2 Cross Site Request Forgery
HomeAutomation v3.3.2 CSRF Add Admin Exploit Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, bu...