PT-2021-10715 · Homeautomation+1 · Custom Command V0.1 Plugin+1

Gjoko Krstic

Published

2021-04-27

Updated

2021-05-06

CVE-2020-22000

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HomeAutomation version 3.3.2

Description The issue allows for authenticated OS command execution using the custom command v0.1 plugin. This can be exploited, in conjunction with a CSRF vulnerability, to execute arbitrary shell commands as the web user. The exploitation occurs via the set command on and set command off POST parameters in the "/system/systemplugins/customcommand/customcommand.plugin.php" endpoint, leveraging an unsanitized PHP exec() function.

Recommendations For HomeAutomation version 3.3.2, consider disabling the custom command v0.1 plugin as a temporary workaround until a patch is available. Restrict access to the "/system/systemplugins/customcommand/customcommand.plugin.php" endpoint to minimize the risk of exploitation. Avoid using the set command on and set command off parameters in the affected endpoint until the issue is resolved.

Exploit

Fix

CSRF

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-78

Related Identifiers

CVE-2020-22000

Affected Products

Homeautomation

Custom Command V0.1 Plugin

PT-2021-10715 · Homeautomation+1 · Custom Command V0.1 Plugin+1

CVE-2020-22000

Weakness Enumeration

Related Identifiers

Affected Products

References · 5