CVE-2021-41104
- Source
- https://cve.org/CVERecord?id=CVE-2021-41104
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41104.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-41104
- Aliases
- Related
- Published
- 2021-09-28T16:15:08.413Z
- Modified
- 2026-02-12T07:43:38.716463Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which
web_serverallows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround, one may disable or removeweb_server. - References
-
- https://github.com/esphome/esphome/pull/2409/commits/207cde1667d8c799a197b78ca8a5a14de8d5ca1e
- https://github.com/esphome/esphome/releases/tag/2021.9.2
- https://github.com/esphome/esphome/security/advisories/GHSA-48mj-p7x2-5jfm
- https://github.com/esphome/esphome/pull/2409/commits/207cde1667d8c799a197b78ca8a5a14de8d5ca1e
- https://github.com/esphome/esphome/security/advisories/GHSA-48mj-p7x2-5jfm
Affected packages
Git / github.com/esphome/esphome
Affected ranges
- Type
- GIT
- Repo
- https://github.com/esphome/esphome
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2021.*
2021.8.0
2021.8.1
2021.8.2
2021.9.0
2021.9.0b1
2021.9.0b2
2021.9.0b3
2021.9.0b4
2021.9.0b5
2021.9.1
v1.*
v1.1
v1.10.0
v1.10.0b1
v1.10.0b2
v1.10.1
v1.11.0
v1.11.0b1
v1.11.0b2
v1.11.0b3
v1.11.1
v1.11.2
v1.12.0
v1.12.0b1
v1.12.0b2
v1.12.0b3
v1.12.0b4
v1.12.1
v1.12.2
v1.13.0
v1.13.0b1
v1.13.0b2
v1.13.0b3
v1.13.0b4
v1.13.0b5
v1.13.0b6
v1.13.0b7
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.14.0
v1.14.0b1
v1.14.0b2
v1.14.0b3
v1.14.0b4
v1.14.0b5
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.15.0
v1.15.0b1
v1.15.0b2
v1.15.0b3
v1.15.0b4
v1.15.1
v1.15.2
v1.15.3
v1.16.0
v1.16.0b1
v1.16.0b2
v1.16.0b3
v1.16.0b4
v1.16.0b5
v1.16.0b6
v1.16.0b7
v1.16.0b8
v1.16.1
v1.16.2
v1.17.0
v1.17.0b1
v1.17.1
v1.17.2
v1.18.0
v1.18.0b1
v1.18.0b2
v1.18.0b3
v1.18.0b4
v1.19.0
v1.19.0b1
v1.19.0b2
v1.19.0b3
v1.19.0b4
v1.19.0b5
v1.19.0b6
v1.19.0b7
v1.19.1
v1.19.2
v1.19.3
v1.19.4
v1.2.1
v1.2.2
v1.20.0
v1.20.0b1
v1.20.0b2
v1.20.0b3
v1.20.0b4
v1.20.0b5
v1.20.0b6
v1.20.1
v1.20.2
v1.20.3
v1.20.4
v1.21.0b1
v1.21.0b2
v1.21.0b3
v1.3.0
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.0b1
v1.9.0b3
v1.9.0b4
v1.9.0b5
v1.9.0b6
v1.9.2
v1.9.3