SVE-002354 | Date: (C)2021-05-24 (M)2021-11-02 |
Smartwares HOME easy Client-Side Authentication Bypass Vulnerability. HOME easy is prone to an Authentication Bypass Vulnerability through IDOR by navigating to several administrative web pages. Successful exploitation allows disclosure of an SQLite3 database file and location. It is also possible to access other functionalities by disabling JavaScript in the browser, bypassing the client-side validation and redirection.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 5.3 | CVSS Score : 5.0 |
Exploit Score: 3.9 | Exploit Score: 10.0 |
Impact Score: 1.4 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: NONE | Authentication: NONE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: NONE |
Confidentiality: LOW | Availability: NONE |
Integrity: NONE | |
Availability: NONE | |
| |