cbcvebase.
CVE-2020-27199
published 2020-12-17

Priority: P3 · 57 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 2.88% (85.1th percentile)

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.

Affected

1 range
Vendor | Product | Version range | Fixed in
magic_home_pro_project | magic_home_pro | |

Detection & IOCs (extracted from sources)

url: https://wifij01us.magichue.net/app/sendCommandBatch/ZG001
url: https://wifij01us.magichue.net/app/getBindedUserListByMacAddress/ZG001
url: https://wifij01us.magichue.net/app/shareDevice/ZG001
ua: Magic Home/1.5.1(ANDROID,9,en-US)
other: JWT alg:None token with header {"typ": "JsonWebToken","alg": "None"}
other: MAC address base prefix C82E475DCE
bytes: 71230fa3
bytes: 71240fa4
  • Flag JWT tokens with algorithm set to 'None' (alg: None) in the token header field of HTTP requests to magichue.net API endpoints — this is the core token-forging technique used in the bypass.
  • Monitor POST requests to /app/shareDevice/ZG001 carrying a forged token header — this is the final stage of the attack used to take over a victim's device.
  • Alert on authentication requests to magichue.net API that originate without a valid password field — the exploit authenticates with an empty or attacker-controlled credential to obtain a legitimate token used for enumeration.
  • The forged JWT uses hardcoded expiry/refresh/login timestamps (expireDate: 1618264850608, refreshDate: 1613080850608, loginDate: 1602712850608); attackers may update these values to extend token validity.
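
The first two detection points above, written as logic over proxy-log records; this is an added example, not code from the page, the vendor or any cited source. The record shape, the `token` header name and the sample requests are assumptions constructed for illustration; the host and paths are the ones in the indicator list.

```python
import base64
import json
from urllib.parse import urlsplit

SHARE_PATH = "/app/shareDevice/ZG001"  # takeover endpoint from the indicator list

def jwt_alg(token):
    """Lower-cased "alg" from a JWT's first segment, or None if unparsable."""
    try:
        seg = token.split(".")[0]
        seg += "=" * (-len(seg) % 4)          # restore stripped base64url padding
        return str(json.loads(base64.urlsafe_b64decode(seg)).get("alg", "")).lower()
    except (ValueError, AttributeError):      # bad base64/JSON, non-object header
        return None

def classify(req):
    """req: {"method", "url", "headers"} -- an assumed proxy-log record shape."""
    parts = urlsplit(req["url"])
    host = (parts.hostname or "").lower()
    if host != "magichue.net" and not host.endswith(".magichue.net"):
        return "ignore"
    headers = {k.lower(): v for k, v in req["headers"].items()}
    if jwt_alg(headers.get("token", "")) != "none":   # header name is an assumption
        return "clean"
    if req["method"].upper() == "POST" and parts.path == SHARE_PATH:
        return "critical"                     # unsigned token on the share endpoint
    return "alert"                            # unsigned token elsewhere on the API

# --- constructed sample data, not captured traffic ---
def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_token(alg, sig=""):
    return ".".join([_seg({"typ": "JsonWebToken", "alg": alg}), _seg({"n": 1}), sig])

API = "https://wifij01us.magichue.net/app/"
SAMPLES = [
    {"method": "POST", "url": API + "shareDevice/ZG001", "headers": {"token": sample_token("None")}},
    {"method": "POST", "url": API + "sendCommandBatch/ZG001", "headers": {"Token": sample_token("nOnE")}},
    {"method": "POST", "url": API + "sendCommandBatch/ZG001", "headers": {"token": sample_token("HS256", "c2ln")}},
    {"method": "GET", "url": "https://example.org/", "headers": {"token": sample_token("None")}},
]

def scan(requests):
    return [classify(r) for r in requests]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

The `alg` comparison is case-insensitive so that spelling variants of "None" are caught along with the exact header quoted in the indicators.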

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N