Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass
Product web page: https://www.smartwares.eu
Affected version: <=1.0.9
Summary: Home Easy/Smartwares are a range of products designed to remotely
control your home using wireless technology. Home Easy/Smartwares is very
simple to set up and allows you to operate your electrical equipment like
lighting, appliances, heating etc.
Desc: HOME easy suffers from an information disclosure and client-side authentication
bypass vulnerability through IDOR by navigating to several administrative web pages.
This allowed disclosing an SQLite3 database file and location. Other functionalities
validation and redirection.
Tested on: Boa/0.94.13
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Advisory ID: ZSL-2019-5540
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php
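Added example (not part of the original advisory and not the product's code): a constructed model of the flaw class described under Desc, showing an administrative page guarded only by a browser-side redirect next to the same page guarded by a server-side session check, plus a regression check that tells the two apart. The paths, handler names and session store are assumptions made for illustration.

```javascript
// Added illustration: a constructed model of the flaw class, not device code.
const crypto = require('crypto');

const ADMIN_PAGE = '/admin/settings.html'; // hypothetical path, not from the advisory
const LOGIN_PAGE = '/login.html';          // hypothetical path
const sessions = new Set();                // session ids issued by the server

// Stands in for a successful credential check; returns a fresh session id.
function login() {
  const sid = crypto.randomBytes(16).toString('hex');
  sessions.add(sid);
  return sid;
}

// Weak pattern: the server sends the admin page to every caller and relies on
// a script inside the page to redirect visitors who have no cookie.
function weakHandler(req) {
  const guard = '<script>if(!/sid=/.test(document.cookie))' +
                'location.replace("' + LOGIN_PAGE + '")</script>';
  return { status: 200, headers: {}, body: guard + '<h1>Settings</h1>' };
}

// Corrected pattern: the session is validated on the server before any
// admin content is written to the response.
function hardenedHandler(req) {
  const sid = (req.cookies || {}).sid;
  if (!sessions.has(sid)) {
    return { status: 302, headers: { Location: LOGIN_PAGE }, body: '' };
  }
  return { status: 200, headers: { 'Cache-Control': 'no-store' },
           body: '<h1>Settings</h1>' };
}

// Regression check: does a handler return admin content to a request that
// carries no session, or one the server never issued?
function servesAdminWithoutSession(handler) {
  const probes = [{}, { sid: 'not-issued-by-server' }];
  return probes.some((cookies) => {
    const res = handler({ path: ADMIN_PAGE, cookies });
    return res.status === 200 && res.body.includes('Settings');
  });
}

console.log('weak handler exposes page:', servesAdminWithoutSession(weakHandler));
console.log('hardened handler exposes page:', servesAdminWithoutSession(hardenedHandler));
```

The check belongs in the server's test suite: any handler for which it returns true is enforcing access only in the browser.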