CVE-2020-21998

Name of the Vulnerable Software and Affected Versions HomeAutomation version 3.3.2

Description The issue arises from improper verification of input passed via the redirect GET parameter in the "api.php" script. This can be exploited to redirect a user to an arbitrary website, for example, when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Recommendations For HomeAutomation version 3.3.2, as a temporary workaround, consider restricting access to the "api.php" script or disabling the use of the redirect parameter until a proper fix is available. Avoid using the redirect parameter in the affected API endpoint until the issue is resolved.