Vulnerability Description
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartwares | Home Easy Firmware | <= 1.0.9 |
| Smartwares | Home Easy | - |
Related Weaknesses (CWE)
References
- https://cwe.mitre.org/data/definitions/306.htmlThird Party Advisory
- https://www.exploit-db.com/exploits/47596ExploitThird Party AdvisoryVDB Entry
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.phpExploitThird Party Advisory
- https://cwe.mitre.org/data/definitions/306.htmlThird Party Advisory
- https://www.exploit-db.com/exploits/47596ExploitThird Party AdvisoryVDB Entry
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5541.phpExploitThird Party Advisory
FAQ
What is CVE-2020-21997?
CVE-2020-21997 is a vulnerability with a CVSS score of 7.5 (HIGH). Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resu...
How severe is CVE-2020-21997?
CVE-2020-21997 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-21997?
Check the references section above for vendor advisories and patch information. Affected products include: Smartwares Home Easy Firmware, Smartwares Home Easy.