CVE-2020-21990

HIGH

Domoticz Mydomoathome - Incorrect Authorization

Title source: rule

Description

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/47824

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/47824

Scores

CVSS v3 7.5

EPSS 0.0131

EPSS Percentile 79.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-863

Status published

Products (1)

domoticz/mydomoathome 0.240

Published Apr 29, 2021

Tracked Since Feb 18, 2026