HomeSeer HS2 home automation software web interface contains multiple vulnerabilities.
An attacker with access to the HomeSeer HS2 web interface can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service. In addition an attacker with network access to the HomeSeer HS2 web server may also be able to run system commands, inject arbitrary data, or download arbitrary files.
This has been reported to be addressed in HomeSeer HS2 18.104.22.168 or later.
Thanks to Silent Dream for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2011-12-08|
|Date Last Updated:||2012-01-12 18:01 UTC|