Smartwares Home Easy Authentication Bypass Vulnerability Allowing Access to Administrative Web Pages

Vulnerability

A client-side authentication bypass vulnerability has been identified in Smartwares HOME easy version 1.0.9. This vulnerability allows unauthenticated attackers to access administrative web pages by disabling JavaScript, thereby bypassing client-side validation and redirection. Exploitation of this vulnerability can lead to unauthorized access to sensitive system information, including the disclosure of an SQLite3 database file and its location.

Impact

Exploitation of this vulnerability bypasses authentication mechanisms, allowing unauthorized access to administrative functionalities and sensitive system information.

Reproduction

To reproduce this vulnerability, disable JavaScript in the web browser. Then, navigate to the administrative endpoints of the Smartwares HOME easy application. The authentication bypass will allow access to various administrative pages, such as task management, room settings, and system information.
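
The flaw class described above, shown as an added example that is not Smartwares code and is not taken from the original advisory: a guard that runs only in the browser next to one enforced on the server, plus a regression check that requests each administrative path without a session. The paths, cookie name, session store and function names are hypothetical.

```javascript
// Added illustration: all names, paths and the session store are hypothetical.
const SESSIONS = new Set(["constructed-session-token"]); // constructed sample
const ADMIN_PAGES = { "/admin/tasks": "<h1>Tasks</h1>", "/admin/system": "<h1>System info</h1>" };

// Reads the "sid" cookie from a request modeled as { path, headers }.
function sessionId(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || "");
  return m ? m[1] : null;
}

// Flawed pattern: content is always sent; only a script sends the browser away.
function clientSideGuard(req) {
  const page = ADMIN_PAGES[req.path];
  if (!page) return { status: 404, headers: {}, body: "" };
  const guard = "<script>if(!document.cookie.includes('sid='))location='/login'</script>";
  return { status: 200, headers: {}, body: guard + page };
}

// Corrected pattern: the server decides before any page content is produced.
function serverSideGuard(req) {
  const page = ADMIN_PAGES[req.path];
  if (!page) return { status: 404, headers: {}, body: "" };
  if (!SESSIONS.has(sessionId(req))) {
    return { status: 302, headers: { Location: "/login" }, body: "" };
  }
  return { status: 200, headers: { "Cache-Control": "no-store" }, body: page };
}

// Regression check: request every admin path with no cookie, as a client
// without JavaScript would, and report paths that still return content.
function exposedWithoutSession(handler, paths) {
  return paths.filter((path) => {
    const res = handler({ path, headers: {} });
    return res.status === 200 && res.body.length > 0;
  });
}

const paths = Object.keys(ADMIN_PAGES);
console.log("client-side guard exposes:", exposedWithoutSession(clientSideGuard, paths));
console.log("server-side guard exposes:", exposedWithoutSession(serverSideGuard, paths));
```

A check of this shape belongs in the application's test suite so that any administrative route added later without a server-side session check fails the build.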

Added: Dec 24, 2025, 8:34 PM
Updated: Dec 24, 2025, 9:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.