Preface: Sometimes lighting can become a security safeguard. Perhaps the lighting system will help you figure out whether intruder jump to your garden at night.
Synopsis: It is hard to avoid the digital transformation trend integrate to your daily life. As the matter of fact, they are on board already. For instance the remote controlled outdoor outlets with on/off function, Z-Wave outlets that measure energy consumption for connected lamps and appliances.
Remark: Z–Wave is a wireless communications protocol used primarily for home automation.
HomeAutomation is an open-source web interface and scheduling solution. Quite a lot of IoT manufacturer are do the product integration to HomeAutomation (see attached diagram). Expert found design weakness occured in HomeAutomation software.
From technical aspect. Use the cURL_init function, implemented with PHP, to open a connection and the links includes reference’s to the other two functions (curl_setopt & curl_exec) to be able to potentially reuse an existing handle (conncetion).
The HomeAutomation suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution. For details, please refer to diagram.
Status: No official announcement for the remediation by software vendor and manufacturer in the moment.