Homebridge instance with incomplete installation detected. The setup wizard is exposed, allowing anyone to create the first admin account and gain full control over the Homebridge instance. This can lead to unauthorized access to smart home devices and potential network compromise.
PoC code [public]
id: homebridge-unfinished-install
info:
  name: Homebridge - Unfinished Installation
  author: theamanrawat
  severity: high
  description: |
    Homebridge instance with incomplete installation detected. The setup wizard is exposed, allowing anyone to create the first admin account and gain full control over the Homebridge instance. This can lead to unauthorized access to smart home devices and potential network compromise.
  reference:
    - https://homebridge.io/
    - https://github.com/homebridge/homebridge-config-ui-x
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-284
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Homebridge"
    fofa-query: title="Homebridge"
  tags: homebridge,misconfig,exposure,iot,smart-home,unauth
flow: http(1) && http(2)
http:
  - method: GET
    path:
      - "{{BaseURL}}/"
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "<title>Homebridge")'
        condition: and
        internal: true
  - method: GET
    path:
      - "{{BaseURL}}/api/auth/settings"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"setupWizardComplete":false'
      - type: word
        part: header
        words:
          - "application/json"
      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ec457e2253c6aae1597fcf466941656201145ab17038646500cc984359f34ea102200354115bbf9f0543c61934e8a6c1c5a54495bb9c61dcb0b964b614c25acd07a4:922c64590222798bb761d5b6d8e72950
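
An added example, not part of the original template or of the Homebridge project: the template's two-step check applied offline to responses already collected from your own hosts. It parses the JSON instead of matching the literal substring, so a body with whitespace after the colon is still classified. The function names and the sample responses are constructed for illustration.

```python
import json

def is_homebridge_ui(status, body):
    # Step 1 (template http(1)): landing page is 200 and carries the Homebridge title.
    return status == 200 and "<title>Homebridge" in body

def wizard_state(status, content_type, body):
    # Step 2 (template http(2)): classify the /api/auth/settings response.
    if status != 200 or "application/json" not in (content_type or "").lower():
        return "unknown"
    try:
        settings = json.loads(body)
    except ValueError:
        return "unknown"
    if not isinstance(settings, dict):
        return "unknown"
    flag = settings.get("setupWizardComplete")
    if flag is False:
        return "unfinished"   # first admin account has not been created yet
    if flag is True:
        return "complete"
    return "unknown"          # key missing or not a boolean

def audit(root, settings):
    # Mirrors `flow: http(1) && http(2)`: step 2 only counts if step 1 matched.
    if not is_homebridge_ui(*root):
        return "not-homebridge"
    return wizard_state(*settings)

# Constructed sample responses (hypothetical, not captured from a real host).
ROOT_OK = (200, "<html><head><title>Homebridge</title></head></html>")
UNFINISHED = (200, "application/json; charset=utf-8", '{"setupWizardComplete": false}')
FINISHED = (200, "application/json; charset=utf-8", '{"setupWizardComplete":true}')

if __name__ == "__main__":
    for name, resp in (("unfinished", UNFINISHED), ("finished", FINISHED)):
        print(name, "->", audit(ROOT_OK, resp))
```

A host that reports "unfinished" should have its setup wizard completed, or its UI made unreachable from untrusted networks, before anyone else can create the first admin account.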