CVE-2020-22001

Critical

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header…

mitre·CWE-290·Published 2021-04-27

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

232 chars

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.

NVDen

232 chars

NVDes

274 chars

HomeAutomation versión 3.3.2, sufre una vulnerabilidad de omisión de autenticación cuando se falsifica la dirección IP del cliente usando el encabezado X-Fordered-For con el valor de la dirección IP local (loopback) que permite el control remoto de la solución de smart home

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H