PT-2021-10705 · Unknown · Mydomoathome+1

Gjoko Krstic · Published 2021-04-29 · Updated 2021-05-08 · CVE-2020-21990

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MyDomoAtHome (MDAH) version 0.2.40
Description: The issue is related to an information disclosure problem caused by improper access control enforcement in the REST API of the Domoticz ISS Gateway. This allows an unauthenticated remote attacker to gain access to sensitive information by sending a specially crafted request.
Recommendations: If you are running version 0.2.40, update to a newer version that addresses the improper access control enforcement issue to prevent information disclosure.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2020-21990

Affected Products

Domoticz Iss Gateway
Mydomoathome