CVE-2021-3152
MEDIUM NUCLEIHome Assistant < 2021.1.3 - Path Traversal in Custom Integrations
Title source: llmExploitation Summary
CVE-2021-3152 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation
Nuclei Templates (1)
Home Assistant HACS - Local File Inclusion
HIGHby DhiyaneshDk
Shodan:
title:"Home Assistant"
FOFA:
title="Home Assistant"
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.home-assistant.io/blog/2021/01/14/security-bulletin/
Vendor Advisory x_refsource_misc
https://www.home-assistant.io/blog/2021/01/22/security-disclosure/
Scores
CVSS v3
5.3
EPSS
0.0223
EPSS Percentile
80.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
home-assistant/home-assistant
< 2021.1.3
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026