PT-2021-10704 · Unknown · Homeautomation
Gjoko Krstic · Published 2021-04-27 · Updated 2021-05-06
CVE-2020-21989 · CVSS v3.1 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
HomeAutomation version 3.3.2
Description:
The application performs certain actions in response to HTTP requests without any validity check on the request's origin. An attacker can exploit this to perform actions with administrative privileges if a logged-in user visits a malicious web site. The cause is a Cross-Site Request Forgery (CSRF) flaw in the application interface.
Recommendations:
For HomeAutomation version 3.3.2, consider implementing validity checks for HTTP requests to prevent unauthorized actions. As a temporary workaround, restrict access to administrative privileges until a patch is available.
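A synchronizer-token check of the kind the recommendation describes, as an added illustration that is not part of this advisory or of HomeAutomation's own code. The `session`, `form` and `headers` dictionaries and the `handle_add_user` handler are assumed stand-ins for a real web framework's request objects.

```python
import hmac
import secrets

SESSION_TOKEN_KEY = "csrf_token"   # assumed session slot name


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a per-session random token to embed in every
    form or AJAX call that changes state. A cross-site page cannot read
    it, so a forged request cannot carry the right value."""
    token = session.get(SESSION_TOKEN_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)
        session[SESSION_TOKEN_KEY] = token
    return token


def csrf_request_is_valid(session: dict, form: dict, headers: dict) -> bool:
    """Validity check for a state-changing request: the submitted token
    (form field or X-CSRF-Token header) must equal the session's token.
    Comparison is constant-time to avoid leaking it byte by byte."""
    expected = session.get(SESSION_TOKEN_KEY)
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_add_user(session: dict, method: str, form: dict, headers: dict):
    """Hypothetical administrative action. State changes are only accepted
    over POST and only when the CSRF token check passes; a request that a
    malicious site triggers from the victim's browser is rejected."""
    if method != "POST":
        return 405, "method not allowed"
    if not csrf_request_is_valid(session, form, headers):
        return 403, "csrf check failed"
    return 200, f"user {form.get('username')} added"
```

The same check must cover every state-changing endpoint, since CSRF protection on only some forms leaves the rest exploitable.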