VYPR

Openhab Webui

by Openhab

Source repositories

CVEs (6)

  • CVE-2024-42467CriAug 12, 2024
    risk 0.58cvss 10.0epss 0.01

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as…

  • CVE-2024-42469CriAug 12, 2024
    risk 0.57cvss 9.8epss 0.01

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible…

  • CVE-2024-42470MedAug 12, 2024
    risk 0.35cvss 6.5epss 0.01

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated…

  • CVE-2024-42468MedAug 12, 2024
    risk 0.28cvss 5.3epss 0.01

    openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via…

  • CVE-2021-21266MedFeb 1, 2021
    risk 0.00cvss 6.4epss 0.01

    openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the…

  • CVE-2020-5242HigFeb 20, 2020
    risk 0.00cvss 7.7epss 0.02

    openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted…