Published: 17/12/2020 Updated: 22/12/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
magic home pro project magic home pro 1.5.1

Magic Home Pro version 151 suffers from an authentication bypass vulnerability ...

CVE-2020-27199

CVE-2020-27199 (Magic Home Pro - Authentication Bypass) Multiple vulnerabilities found in the Magic Home Pro Mobile Application which is used to interface with the JadeHomic LED Strip RGB Kit The most significant of these vulnerabilities is an Authentication Bypass (CVE-2020-27199) vulnerability, which ultimately allows for full takeover and control of a victims' entire

CWE-287 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/magic-home-pro-mobile-application-authentication-bypass-cve-2020-27199/https://nvd.nist.gov https://github.com/9lyph/CVE-2020-27199 https://packetstormsecurity.com/files/160534/Magic-Home-Pro-1.5.1-Authentication-Bypass.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-27199

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect