CVE

CVE-2020-22001

Severity:
CRITICAL
Type:
Unavailable / Other
Publication date:
27/04/2021
Last modified:
26/10/2022

Description

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*


botón arriba