Description
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf
Scores
CVSS v3
9.8
EPSS
0.1382
EPSS Percentile
94.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (2)
openhab/openhab
< 4.2.1
org.openhab.ui.bundles/org.openhab.ui.cometvisu
0 - 4.2.1Maven
Published
Aug 12, 2024
Tracked Since
Feb 18, 2026