-
Autor
Hi,
in a separate thread in this forum I learned of mgos-to-tasmota and it's ability to migrate Shelly's stock firmware through OTA.
It's a great tool, I'm very happy and thankful it exists. It is allowing me to migrate from Shelly's stock firmware to the much more powerful Tasmota without having to remove the switches from the wall
However, what surprised me (and scared at the same time) is the lack of authentication / credentials for doing this. Anybody in the SAME network with the right knowledge (guest, friend or hacker) could override the device settings and/or firmware of ALL Shelly switches anytime!
If this is true I think it is a huge security exposure in Shelly's firmware and users should be made aware of it!
My expectation is that at least a password is required in order to override the firmware.
Could anybody please confirm or correct this observation?
Thanks!