
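Home-Assistant Vendor Vulnerability List / CVE Analysis in Chinese (16)

16 CVE vulnerabilities related to the Home-Assistant vendor, with AI-generated Chinese-language analysis, POC, CVSS scores, and affected products.

Home Assistant is an open-source home automation platform used to connect and control smart home devices. Historically common vulnerabilities include remote code execution, cross-site scripting and request forgery, and permission bypass, stemming mainly from third-party integrations and API security flaws. In 2022 a severe authentication bypass vulnerability was disclosed that affected multiple versions. Although the project provides a security update mechanism, its complex ecosystem increases the attack surface, so users need to patch promptly and restrict network access.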

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-47942 | Home Assistant Community Store 1.10.0 Path Traversal Account Takeover | Home Assistant Community Store (HACS) | CWE-22 | 7.5 | High | 2026-05-16 |
| CVE-2026-34205 | Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode | Home Assistant Operating System | CWE-923 | 9.7 | Critical | 2026-03-27 |
| CVE-2026-33045 | Home Assistant has stored XSS in history-graphs | core | CWE-79 | 6.1 | - | 2026-03-27 |
| CVE-2026-33044 | Home Assistant has stored XSS in Map-card through malicious device name | core | CWE-79 | 5.4 | - | 2026-03-27 |
| CVE-2025-62172 | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name | core | CWE-80 | 5.4 (AI) | Medium (AI) | 2025-10-14 |
| CVE-2025-25305 | SSL validation for outgoing requests in Home Assistant Core and used libs not correct | core | CWE-940 | 7.0 | High | 2025-02-18 |
| CVE-2023-50715 | User accounts disclosed to unauthenticated actors on the LAN | core | CWE-200 | 4.3 | Medium | 2023-12-15 |
| CVE-2023-41893 | Account takeover via auth_callback login in Home Assistant Core | core | CWE-200 | 4.3 | Medium | 2023-10-19 |
| CVE-2023-41894 | Local-only webhooks externally accessible via SniTun in Home Assistant Core | core | CWE-669 | 5.3 | Medium | 2023-10-19 |
| CVE-2023-41895 | Cross-site Scripting via auth_callback login in Home Assistant Core | core | CWE-79 | 8.8 | High | 2023-10-19 |
| CVE-2023-41896 | Fake websocket server installation permits full takeover in Home Assistant Core | core | CWE-345 | 7.1 | High | 2023-10-19 |
| CVE-2023-41897 | Lack of XFO header allows clickjacking in Home Assistant Core | core | CWE-1021 | 8.8 | High | 2023-10-19 |
| CVE-2023-41899 | Partial Server-Side Request Forgery in Home Assistant Core | core | CWE-918 | 6.6 | Medium | 2023-10-19 |
| CVE-2023-41898 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android | core | CWE-345 | 8.6 | High | 2023-10-19 |
| CVE-2023-44385 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps | core | CWE-352 | 8.6 | High | 2023-10-19 |
| CVE-2023-27482 | Home Assistant authorization issue vulnerability | core | CWE-287 | 10.0 | Critical | 2023-03-08 |

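This page collects all 16 CVE vulnerabilities disclosed to date for the Home-Assistant vendor. Each entry includes a CVSS score, CWE weakness classification, affected products, and reference links, along with an AI-generated Chinese-language analysis to help assess risk quickly.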