secureness
commented
1 year ago According to this if we want to Test this CVE by RCE, we must change server configurations, So I recommend that we check if we can access Authorized endpoints or not.
Open secureness opened 1 year ago
secureness
commented
1 year ago According to this if we want to Test this CVE by RCE, we must change server configurations, So I recommend that we check if we can access Authorized endpoints or not.
secureness
commented
1 year ago I really like to start implementing a tsunami plugin for it, please give me a ping about current situation of this issue. @maoning @nttran8
secureness
commented
1 year ago Hi @maoning @nttran8 , could you please let me to start implementing this plugin?
There are too many instances of this Application on internet according to shodan it would be great to let me start implementing a tsunami plugin for this critical vulnerability ASAP. References: POC: https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md Blog Post: https://www.elttam.com/blog/pwnassistant/ GitHub advisory: https://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25