MidnightBSD

Advisories for tasmota_project

CVE-2021-36603

Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".

Products Affected

Vendor Product Version
tasmota_project tasmota 6.5.0
CVE-2022-43294

Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp.

Products Affected

Vendor Product Version
tasmota_project tasmota *