← volver
CVE-2019-25235

Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

CVSS 8.8 HIGHEPSS 0.4%CWE-639
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Smartwares · Smartwares HOME easy

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/47595https://www.smartwares.euhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php