CVE-2021-3152

MEDIUM NUCLEI

Home-assistant < 2021.1.3 - Path Traversal

Title source: rule

Description

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation

Nuclei Templates (1)

Home Assistant HACS - Local File Inclusion

HIGHby DhiyaneshDk

Shodan: title:"Home Assistant"

FOFA: title="Home Assistant"

References (2)

[Vendor Advisory] https://www.home-assistant.io/blog/2021/01/14/security-bulletin/

[Vendor Advisory] https://www.home-assistant.io/blog/2021/01/22/security-disclosure/

Scores

CVSS v3 5.3

EPSS 0.4516

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

home-assistant/home-assistant < 2021.1.3

Published Jan 26, 2021

Tracked Since Feb 18, 2026