CVE-2019-25235

Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

CVSS 8.8 HIGHEPSS 0.4%CWE-639

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Smartwares · Smartwares HOME easy

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.exploit-db.com/exploits/47595 https://www.smartwares.eu https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php