CVE-2024-27081
CVE-2024-27081 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory, making remote code execution possible. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory, making remote code execution possible. This vulnerability is patched in 2024.2.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| ESPHome | ESPHome | 2023.12.9 |
References
- https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
