Homeautomation Project Homeautomation — known CVE vulnerabilities
Every CVE whose affected-product data names Homeautomation Project Homeautomation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-22001 — CVSS 9.8 (critical): HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header…
CVE-2020-21989 — CVSS 8.8 (high): HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions…
CVE-2020-22000 — CVSS 8.0 (high): HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be…
CVE-2020-21987 — CVSS 6.1 (medium): HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several…
CVE-2020-21998 — CVSS 6.1 (medium): In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to…