PT-2020-16661 · Magic Home · Magic Home Pro

Victor Hanna · Published 2020-12-17 · Updated 2021-03-23 · CVE-2020-27199

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Magic Home Pro version 1.5.1

Description

The Magic Home Pro application allows authentication bypass due to its simple username and password authentication function. An attacker can use enumeration to forge a user-specific token without needing the correct password, thereby gaining access to the mobile application as the victim user.

Recommendations

For Magic Home Pro version 1.5.1, consider temporarily disabling the authentication function until a patch is available, to prevent exploitation. Restrict access to sensitive features of the application to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-27199

Affected Products

Magic Home Pro