Impact
Anyone with web_server enabled and HTTP basic auth configured on 2021.9.1 or older
web_server allows OTA update without checking user defined basic auth username & password
Patches
Patch released in 2021.9.2
Original commit be965a6
Workarounds
Disable/remove web_server
For more information
If you have any questions or comments about this advisory:
Impact
Anyone with web_server enabled and HTTP basic auth configured on 2021.9.1 or older
web_serverallows OTA update without checking user defined basic auth username & passwordPatches
Patch released in 2021.9.2
Original commit be965a6
Workarounds
Disable/remove
web_serverFor more information
If you have any questions or comments about this advisory: