CVE-2024-27081

7.2 HIGH

📋 TL;DR

This vulnerability in ESPHome's dashboard component allows authenticated attackers to read and write arbitrary files within the configuration directory, potentially leading to remote code execution. It affects ESPHome version 2023.12.9 (command line installation). Users running this version with the dashboard exposed are at risk.

💻 Affected Systems

Products:
  • ESPHome
Versions: 2023.12.9 (command line installation)
Operating Systems: All platforms running ESPHome
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects command line installations with the dashboard component enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing an attacker to execute arbitrary commands, steal data, or pivot to other systems.

🟠 Likely Case

Unauthorized access to configuration files, potential modification of device configurations, and limited file system access within the configuration directory.

🟢 If Mitigated

No impact if proper authentication controls and network segmentation are implemented, or if the dashboard is not exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the dashboard API. The vulnerability is in the edit configuration file API endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.2.1

Vendor Advisory: https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p

Restart Required: Yes

Instructions:

1. Update ESPHome to version 2024.2.1 or later using 'pip install --upgrade esphome'.
2. Restart the ESPHome dashboard service.

🔧 Temporary Workarounds

Disable Dashboard Access (applies to: all)

Temporarily disable or restrict access to the ESPHome dashboard component.

  • Stop the ESPHome dashboard service
  • Block dashboard port (6052) in firewall

Network Segmentation (applies to: all)

Restrict dashboard access to trusted internal networks only.

  • Configure firewall to allow dashboard access only from specific IPs

🧯 If You Can't Patch

  • Implement strict network access controls to limit dashboard access to trusted sources only.
  • Disable the dashboard component entirely and use alternative configuration methods.

🔍 How to Verify

Check if Vulnerable:

Check the ESPHome version with 'esphome version'. If the reported version is 2023.12.9, the installation is vulnerable.

Check Version:

esphome version

Verify Fix Applied:

After updating, verify version is 2024.2.1 or later with 'esphome version'.
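The two checks above (affected version 2023.12.9, fixed version 2024.2.1 or later) can be scripted so the comparison is done numerically rather than by eye. The following is an added example written for this page, not code from the advisory or from the ESPHome project. It assumes that 'esphome version' prints a line of the form "Version: X.Y.Z" (the exact output format is not stated on the page), and it only reports "vulnerable" for the version the advisory actually lists; anything below the fixed release that is not 2023.12.9 is reported as "unlisted" rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the advisory or ESPHome): classify an ESPHome
# version string against CVE-2024-27081 and, if ESPHome is installed,
# report the installed version's status.

AFFECTED_VERSION="2023.12.9"   # version the advisory lists as affected
FIXED_VERSION="2024.2.1"       # first fixed release per the advisory

# field VERSION N -> Nth dot-separated field, digits only, "0" if absent
# (strips suffixes such as "-dev" so the numeric comparison cannot fail)
field() {
  f=$(printf '%s' "$1" | cut -d. -f"$2" | tr -cd '0-9')
  printf '%s' "${f:-0}"
}

# version_ge A B -> exit 0 when A >= B, comparing YYYY.M.P numerically
version_ge() {
  i=1
  while [ "$i" -le 3 ]; do
    a=$(field "$1" "$i")
    b=$(field "$2" "$i")
    if [ "$a" -gt "$b" ]; then return 0; fi
    if [ "$a" -lt "$b" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0   # all three fields equal
}

# classify_esphome_version VERSION -> prints vulnerable | fixed | unlisted
classify_esphome_version() {
  if [ "$1" = "$AFFECTED_VERSION" ]; then
    printf 'vulnerable'
  elif version_ge "$1" "$FIXED_VERSION"; then
    printf 'fixed'
  else
    printf 'unlisted'   # below the fix but not the version the advisory names
  fi
}

# check_installed -> reads the installed version and prints its status.
# Assumes 'esphome version' prints "Version: X.Y.Z" (format not on the page).
check_installed() {
  installed=$(esphome version 2>/dev/null | sed -n 's/^Version:[[:space:]]*//p' | head -n 1)
  if [ -z "$installed" ]; then
    printf 'could not determine ESPHome version\n' >&2
    return 1
  fi
  printf 'ESPHome %s: %s\n' "$installed" "$(classify_esphome_version "$installed")"
}

# Only run the live check when the esphome CLI is actually on PATH.
if command -v esphome >/dev/null 2>&1; then
  check_installed
fi
```

Run the script on the host where the dashboard is installed; a result of "fixed" after 'pip install --upgrade esphome' confirms the update took effect, and "unlisted" means the version is older than the fix but is not the one the advisory names, so it should be upgraded rather than assumed safe.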

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in ESPHome logs
  • Multiple failed authentication attempts to dashboard
  • Unexpected configuration file modifications

Network Indicators:

  • Unusual traffic to dashboard API endpoints
  • Requests to edit configuration file API from unexpected sources

SIEM Query:

source="esphome" AND (event="file_access" OR event="config_edit")
