CVE-2011-4835

HomeSeer HS2 2.5.0.20 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4835.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability to retrieve sensitive configuration files and a CSRF attack to add an admin user in HomeSeer Home Automation Software. Both PoCs are functional and target specific endpoints.

Description

Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

webappswindows

https://www.exploit-db.com/exploits/18567

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability to retrieve sensitive configuration files and a CSRF attack to add an admin user in HomeSeer Home Automation Software. Both PoCs are functional and target specific endpoints.

Classification

Working Poc 100%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: HomeSeer Home Automation Software 2.5.0.49

No auth needed

Prerequisites: Network access to the target · Victim interaction for CSRF

MITRE ATT&CK

T1005 - Data from Local System T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/796883

Scores

EPSS 0.0785

EPSS Percentile 93.9%

Details

CWE

CWE-22

Status published

Products (1)

homeseer/homeseer_hs2 2.5.0.20

Published Dec 15, 2011

Tracked Since Feb 18, 2026