CVE-2019-25235
8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Smartwares | Smartwares HOME easy | 1.0.9 | affected |
Weaknesses
- CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://www.exploit-db.com/exploits/47595
- https://www.smartwares.eu
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.