Description
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Silent_Dream · textwebappswindows
https://www.exploit-db.com/exploits/18567
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/796883
Scores
EPSS
0.0016
EPSS Percentile
36.4%
Details
CWE
CWE-352
Status
published
Products (1)
homeseer/homeseer_hs2
2.5.0.20
Published
Dec 15, 2011
Tracked Since
Feb 18, 2026