Vulnerability Note VU#796883
HomeSeer HS2 web interface multiple vulnerabilities
HomeSeer HS2 home automation software web interface contains multiple vulnerabilities.
An attacker with access to the HomeSeer HS2 web interface can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service. In addition an attacker with network access to the HomeSeer HS2 web server may also be able to run system commands, inject arbitrary data, or download arbitrary files.
This has been reported to be addressed in HomeSeer HS2 18.104.22.168 or later.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|HomeSeer||Affected||07 Nov 2011||12 Jan 2012|
CVSS Metrics (Learn More)
Thanks to Silent Dream for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: Unknown
- Date Public: 08 Dec 2011
- Date First Published: 08 Dec 2011
- Date Last Updated: 12 Jan 2012
- Severity Metric: 0.11
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.