Vulnerabilities > Homeautomation Project

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-04-27 | CVE-2020-22001 | Authentication Bypass by Spoofing vulnerability in Homeautomation Project Homeautomation 3.3.2 | HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution. | critical 9.8 (network, low complexity, homeautomation-project, CWE-290) |
| 2021-04-27 | CVE-2020-22000 | OS Command Injection vulnerability in Homeautomation Project Homeautomation 3.3.2 | HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. | 8.5 |
| 2021-04-27 | CVE-2020-21998 | Open Redirect vulnerability in Homeautomation Project Homeautomation 3.3.2 | In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. | 5.8 |
| 2021-04-27 | CVE-2020-21989 | Cross-Site Request Forgery (CSRF) vulnerability in Homeautomation Project Homeautomation 3.3.2 | HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). | 6.8 |
| 2021-04-27 | CVE-2020-21987 | Cross-site Scripting vulnerability in Homeautomation Project Homeautomation 3.3.2 | HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). | 4.3 |