216.73.216.67

CVE-2019-25494

· Published 27/02/2026 18:16 · Modified 27/02/2026 18:16

Labels: CVE-2019-25494 2026-02-27CVE-2019-25494CWE-89[email protected]

Essential information

Published
27/02/2026 18:16
Modified
27/02/2026 18:16
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
homey / homey bnb cpe:2.3:a:homey:homey_bnb:*:*:*:*:*:*:*:*

References