A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication.

Related CVEs

CVE-2019-11061

Key Information

GHSA ID

GHSA-qwvg-w866-x6c3

Published

May 24, 2022 4:55 PM

Last Modified

April 4, 2024 1:50 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 30, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.