CVE-2020-21989

May 6, 2021

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Summary:

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Reference Links(if available):

  • https://www.exploit-db.com/exploits/47808
  • https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5558.php

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image 6

    INC Ransom Ransomware Victim: Pifer’s Auction & Realty

    May 8, 2024
    image 6

    INC Ransom Ransomware Victim: It4 Solutions Robras Corp

    May 8, 2024
    image 6

    INC Ransom Ransomware Victim: WEL Partners

    May 8, 2024
    image 6

    INC Ransom Ransomware Victim: Ingo Money Inc

    May 8, 2024
    image 6

    INC Ransom Ransomware Victim: Hardeman County Community Health Center

    May 8, 2024