CVE-2023-27482
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-27482
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Home Assistant 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Home Assistant是一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant Supervisor 2023.01.1之前版本存在授权问题漏洞,该漏洞源于存在身份验证绕过漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| home-assistant | core | < 2023.3.2 | - | |
| home-assistant | supervisor | < 2023.03.3 | - |
II. Public POCs for CVE-2023-27482
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27482.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-27482
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: core
- CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets - CVE-2026-40583
UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant - CVE-2026-34578
OPNsense has an LDAP Injection via Unsanitized Username in A - CVE-2026-34762
Ella Core Has Audit Log Falsification via Path/Body IMSI Mis - CVE-2026-34761
Ella Core Panics Upon NGAP handover failure
Same vendor: home-assistant
- CVE-2026-34205
Home Assistant: Unauthenticated App (Add-on) Endpoints Expos - CVE-2026-33045
Home Assistant has stored XSS in history-graphs - CVE-2026-33044
Home Assistant has stored XSS in Map-card through malicious - CVE-2025-62172
Home Assistant vulnerable to Stored XSS in Energy dashboard - CVE-2025-25305
SSL validation for outgoing requests in Home Assistant Core
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2023-27482
No comments yet