Request Type
Other
Description
eBus MQTT Broker Does Not Enforce Publish ACLs
Summary
The eBus MQTT broker on SPAN Panel does not enforce publish ACLs for
consumer clients. Any authenticated consumer can publish to any topic in
the ebus/5/{serial}/ namespace, including the panel's own Homie device
state topics ($state, $description, and property values).
firmware: spanos2/r202603/05
Impact
A consumer client that sets an MQTT Last Will and Testament (LWT) on
ebus/5/{serial}/$state with payload lost (retained) will permanently
corrupt the broker's retained state if the client disconnects ungracefully.
All subsequent Homie-compliant consumers will see $state=lost and refuse
to connect, since the panel does not re-publish $state=ready to overwrite
the corrupted retained message.
Steps to Reproduce
- Authenticate a consumer client via /api/v2/auth/register
- Connect to the eBus broker
- Publish a retained message to ebus/5/{serial}/$state with payload lost
- Disconnect
- Connect a new consumer: it will see $state=lost and never receive ready
Expected Behavior
The broker should enforce topic ACLs per the Homie convention:
| Client | Publish | Subscribe |
| --- | --- | --- |
| Panel (device) | ebus/5/{serial}/# | ebus/5/{serial}/+/+/set |
| Consumer | ebus/5/{serial}/+/+/set only | ebus/5/{serial}/# |
Consumer clients should only be permitted to publish to /set suffixed
topics (relay control, priority set, etc.). Publishes to $state,
$description, or bare property topics should be rejected by the broker.
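To make the expected ACL and the LWT failure mode concrete, here is an added Python example (not SPAN's firmware, broker or client code). It implements MQTT topic-filter matching, encodes the table above as per-role publish/subscribe rules, and runs the reproduction scenario against a tiny in-memory broker model with and without ACL enforcement. The role names, the Broker class, and the serial number are constructed for illustration.

```python
"""Model of the Homie topic ACL from the table above, plus a simulated
retained-message store showing why an LWT on $state matters.
Added example code, not the SPAN Panel broker; names below are assumptions."""

from dataclasses import dataclass, field


def topic_matches(pattern: str, topic: str) -> bool:
    """MQTT topic-filter matching: '+' matches one level, '#' the remainder."""
    p_levels = pattern.split("/")
    t_levels = topic.split("/")
    for i, p in enumerate(p_levels):
        if p == "#":
            return True  # '#' must be last and matches everything below
        if i >= len(t_levels):
            return False
        if p != "+" and p != t_levels[i]:
            return False
    return len(p_levels) == len(t_levels)


def acl_rules(serial: str) -> dict:
    """Per-role rules per the Homie convention: the device owns its
    namespace, consumers may only publish to .../set."""
    base = f"ebus/5/{serial}"
    return {
        "panel": {"publish": [f"{base}/#"], "subscribe": [f"{base}/+/+/set"]},
        "consumer": {"publish": [f"{base}/+/+/set"], "subscribe": [f"{base}/#"]},
    }


def is_allowed(role: str, action: str, topic: str, serial: str) -> bool:
    """True if `role` may perform `action` ('publish'/'subscribe') on `topic`."""
    rules = acl_rules(serial).get(role, {})
    return any(topic_matches(pat, topic) for pat in rules.get(action, []))


@dataclass
class Broker:
    """Tiny broker model (assumed, for illustration) that keeps only retained messages."""
    serial: str
    enforce_acl: bool
    retained: dict = field(default_factory=dict)

    def publish(self, role: str, topic: str, payload: str, retain: bool = False) -> bool:
        if self.enforce_acl and not is_allowed(role, "publish", topic, self.serial):
            return False  # rejected by ACL
        if retain:
            self.retained[topic] = payload
        return True

    def disconnect_ungracefully(self, role: str, will: tuple) -> None:
        # An LWT is a deferred publish made by the broker on the client's
        # behalf, so the same publish ACL must apply to it.
        topic, payload, retain = will
        self.publish(role, topic, payload, retain)

    def state_seen_by_new_consumer(self):
        return self.retained.get(f"ebus/5/{self.serial}/$state")


def scenario(enforce_acl: bool):
    """Reproduction from the issue: panel publishes $state=ready (retained),
    a consumer with an LWT of $state=lost (retained) drops off the network,
    then a fresh consumer connects. Returns the $state that consumer sees."""
    serial = "nj-2316-005k6"  # constructed serial, not a real panel
    base = f"ebus/5/{serial}"
    b = Broker(serial, enforce_acl)
    b.publish("panel", f"{base}/$state", "ready", retain=True)
    b.disconnect_ungracefully("consumer", (f"{base}/$state", "lost", True))
    return b.state_seen_by_new_consumer()


if __name__ == "__main__":
    print("no ACL  ->", scenario(enforce_acl=False))
    print("with ACL->", scenario(enforce_acl=True))
```

Without enforcement the retained $state becomes lost and every later consumer reads it; with the table's ACL the LWT publish is refused and the panel's retained ready survives. Note that the check is applied to the will message exactly as to a live publish, which is the detail a real broker must get right.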
Workaround
Consumer implementations must avoid setting an LWT and must not publish to
any topic other than .../set. Because the broker does not enforce this, the
workaround depends on every consumer cooperating; it does not protect the
panel from a buggy or hostile consumer. If state corruption occurs, the only
recovery is a broker (panel) reboot.
Use Case
No response