Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-25235. PoCs published by LiquidWorm.
AI-analyzed exploit summary This is a writeup describing a client-side authentication bypass vulnerability in Smartwares HOME easy <=1.0.9. The vulnerability allows unauthorized access to administrative pages and SQLite3 database files by disabling JavaScript or navigating directly to specific URLs.
Description
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
Exploits (1)
This is a writeup describing a client-side authentication bypass vulnerability in Smartwares HOME easy <=1.0.9. The vulnerability allows unauthorized access to administrative pages and SQLite3 database files by disabling JavaScript or navigating directly to specific URLs.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H