CVE-2020-27199

HIGH

Magic Home Pro 1.5.1 - Authentication Bypass via Username Enumeration

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27199. PoCs published by 9lyph.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2020-27199, an authentication bypass vulnerability in the Magic Home Pro mobile application. The exploit includes tools for device enumeration, command execution, and device takeover via JWT forging.

Description

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.

Exploits (1)

nomisec WORKING POC 6 stars
by 9lyph · poc
https://github.com/9lyph/CVE-2020-27199

This repository contains a proof-of-concept exploit for CVE-2020-27199, an authentication bypass vulnerability in the Magic Home Pro mobile application. The exploit includes tools for device enumeration, command execution, and device takeover via JWT forging.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Magic Home Pro Mobile Application (com.zengge.wifi)
Auth required
Prerequisites: Authenticated user account · Network access to vulnerable devices · Rooted Android device for initial analysis
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0288
EPSS Percentile 85.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-287
Status published
Products (1)
magic_home_pro_project/magic_home_pro 1.5.1
Published Dec 17, 2020
Tracked Since Feb 18, 2026