CVE-2020-27199
CVE-2020-27199 affects Magic Home Pro on Android (1.5.1). The issue is an Authentication Bypass enabling full control of a victim’s device group via token forgery and endpoint enumeration. Attack chain described includes: (1) enumerate bound users by mac address to obtain userName/userUniID/binde...