Vulnerabilities > Homeautomation Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-27 | CVE-2020-22001 | Authentication Bypass by Spoofing vulnerability in Homeautomation Project Homeautomation 3.3.2 HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution. | 9.8 |
| 2021-04-27 | CVE-2020-22000 | OS Command Injection vulnerability in Homeautomation Project Homeautomation 3.3.2 HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. | 8.0 |
| 2021-04-27 | CVE-2020-21998 | Open Redirect vulnerability in Homeautomation Project Homeautomation 3.3.2 In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. | 6.1 |
| 2021-04-27 | CVE-2020-21989 | Cross-Site Request Forgery (CSRF) vulnerability in Homeautomation Project Homeautomation 3.3.2 HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). | 8.8 |
| 2021-04-27 | CVE-2020-21987 | Cross-site Scripting vulnerability in Homeautomation Project Homeautomation 3.3.2 HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). | 6.1 |