An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a 1C000000000S value for domus, in conjunction with a zero value for logged.
| Software | From | Fixed in |
|---|---|---|
| comelitgroup / away_from_home | 2.8.0 | 2.8.0.x |