Safety vulnerability ID: 42322
The information on this page was manually curated by our Cybersecurity Intelligence Team.
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or remove `web_server`.
Latest version: 2024.5.0
Make creating custom firmwares for ESP32/ESP8266 super easy.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application