# Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass
# Author: LiquidWorm
# Vendor: Smartwares
# Product web page: https://www.smartwares.eu
# Affected version: <=1.0.9
# Advisory ID: ZSL-2019-5540
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php
# CVE: N/A
Summary: Home Easy/Smartwares are a range of products designed to remotely
control your home using wireless technology. Home Easy/Smartwares is very
simple to set up and allows you to operate your electrical equipment like
lighting, appliances, heating etc.
Desc: HOME easy suffers from information disclosure and client-side authentication
bypass vulnerability through IDOR by navigating to several administrative web pages.
This allowed disclosing an SQLite3 database file and location. Other functionalities
validation and redirection.
Tested on: Boa/0.94.13
# 0day.today [2019-12-03] #