CVE-2020-21998

MEDIUM NUCLEI

HomeAutomation - Open Redirect

Description

In HomeAutomation 3.3.2, input passed via the 'redirect' GET parameter in the 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Nuclei Templates (1)

HomeAutomation 3.3.2 - Open Redirect
MEDIUM | VERIFIED | by 0x_Akoko

Scores

CVSS v3 6.1
EPSS 0.0138
EPSS Percentile 80.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-601
Status published
Products (1) homeautomation_project/homeautomation 3.3.2
Published Apr 27, 2021
Tracked Since Feb 18, 2026