Dashboard display different controller than the user ID should allow

So I have two controllers with different admin accounts and different email address registered as administrators.

When I login to one, the other one is displayed despite not being authenticated in the dashboard.

I login to controller ending in serial number 2629 and then I see the correct dashboard it loads all cameras and the devices.

If I use the mouse to click meshbots I notice they arent correct at all so back to dashboard. Mysteriously I get the dashboard of a completely different controller with serial ending in 2965.

I did not login to that controller so how can I be accessing it?

This is a link to view it live as it just happens while navigating the dashboard.

I cant edit the controller that needs work

Hello @focusedcoder

It looks like a web browser cache issue, so we have 3 different paths to follow:

Firstly, ensure that you are not logged into both controllers in different tabs or windows of the same browser, as this could potentially cause session conflicts. Try the following these steps:

1. Clear your browser cache and cookies to ensure that no old session data is causing the issue.
2. Use an incognito/private mode tab to rule out browser-specific issues.
3. Check if the issue persists in a different browser.

Give them a try and let us know your results and comments, please.

UPDATED/Edited for clarity

Ok I have spent some time researching this. I reset my browser (Edge).

When I open the (https;//ezlogic,mios,com/#/ezlo/dashboard)

several things happen automatically.

First ,the login page automatically logs in without any user intervention.
The fields are auto populated and it logs in.

It appears to be using my saved username and passwords from the browser wallet. I have several accounts/controllers and just happened to be the wrong credentials for the unit I needed and I discovered this problem.
(the page just autofills a username and password from the wallet in Edge)
without clicking log in.

I cant stop that auto login, (without a browser reset) but the problem is manageable by logging back out. Then logging back in with the credentials for the unit I want to manage.

To avoid automatic login on the page, I deleted all saved accounts and passwords in the Edge Wallet and reset the browser and DO NOT let it save the credentials.
Saved credentials results in automatically logging in each time and its extra clicks to log back out. I hope its not going to remain programmed to auto login with no click. Single controller users may in fact love that “feature”.

After a browser reset I open the page, it does not automatically login the first time. All subsequent logins will be automatic if credentials are saved in both browsers. it just happens without me clicking the button for “log in”. Repeating this I know.

I input my credentials, and dashboard opens but it is NOT the controller linked/authorized with the credentials I use. Instead, it opens the controller connected on my LAN. I expect to see an offsite controller that the credentials are linked to. I FINALLY realized I have been seeing the controller on my LAN that started this thread.

If I did not have a different controller on my LAN this might not be an issue but I do. Mios authentication seems to permit this direct unexpected/unauthorized access to a controller specifically when both devices are using the same LAN subnet/gateway and the client PC is authenticated to Mios for a different controller.

In theory, a user of my LAN/WIFI, with valid credentials, could access my controller.

I would like to know how to stop that specific exploit?

Chrome testing shows the same problem, improper access to the controller on my LAN. Dashboard for the local controller is taking precedent over the dashboard/controller I should be allowed to control.

I just assumed that turning off my local controller, it would be “unavailable” to be controlled since its offline.

UPDATE: Unplugging my local controller seems to stop the dashboard from being displayed using an offsite controller’s credentials.
I dont like unplugging my local controller to work around the substitution of the dashboard but at least I can now work on the controller that is expected to load.

I have been working on and off with this unit on the local lan. By chance, I logged in with my information for my Vera Edge controller, it was listed as a controller but disconnected from the dashboard. I logged out and back in with my MiOS information for this new EzLo plus and randomly or by some interaction of the dashboard interface, my Vera Edge is bricked! and my new controller wont pair my motion sensors so im stuck hard down. If you do play with both controllers on the same LAN as I did with multiple accounts accross the platform be careful.

How do you mean when you say that?

Listed as a controller where? Vera firmware controllers don’t work with the new Ezlogic web UI so they shouldn’t ever get listed in there.

And thus no devices from a Vera firmware controller will appear on the Ezlo Dynamic Dashboard.

Ezlo controllers on the other hand do appear in the old home.getvera.com portal page but are not accessible from that page, they usually say offline.

I have six actual controllers on my LAN and in my original Vera user account, two Vera units and two Ezlo units, plus another Ezlo Atom controller and maybe 4 or 5 EzloPi controllers, not had any major issues like a bricked controller. I also have a new totally separate user account with another Ezlo controller on it.

When you say its bricked can you not ping it? SSH into it as root? Access it via the local Vera UI7 web UI?

I’ve never heard of this before but I do not have an off site Ezlo controller myself. Support need to look into this and test it @slapfrost

The Ezlo Dynamic Dashboard has its own login as you have discovered which is kinda separate to the login for the main Ezlogic web UI.

Usually if you have all your controllers under one user account and they are all on the LAN this is not a problem you just login to Ezlogic web UI and the dashboard auto logins in as well.

For me its the same username and password for both Elogic and the Dashboard.

So you are saying you have two different user accounts one for the local Ezlo controller and a different account for the remote Ezlo controller ?

And when you login to Ezlogic and the Dashboard for the remote offsite controller the dashboard is showing the wrong devices off the wrong controller that being the one that is local. And its not showing the devices for the remote offsite controller in the dashboard ?

Well like I mentioned I saw it listed down on the right I believed should have screen shotted it. My vera edge on this same lan is not just showing a no power light, solid wifi and service and internet just flashing. I know there used to be a MAC method to get the IP to recover but I dont know what firmware was on it. Its down.

So as test if you turn off the local controller then everything works as you expect and the remote offsite controllers devices are then shown on the dashboard instead?

That is right, I just unplugged my local EzLo Plus controller, logged in with the account for a remote Ezlo Plus site and got that controller correctly displayed.

At some point in all of this my old Edge controller gave up the ghost. Just happens to also be on this lan. Its a sad day

I wouldn’t panic just yet, the old Vera controllers are very good at saving backups up to the cloud and they are good again when a backup is restored.

Hopefully that is, if its not an actual hardware fault.

Someone from support should contact you soon about these issues.

@focusedcoder

Can you give more information and/or screenshots or recordings on how and where from you are trying to reach your controllers.
It looks like a cache issue on the browser to show you the previously logged in account.
Also the auto-dill issue is not on the web appi it is a browser feature. After you turn it off , does it still auto fills ?

Down on the right where?

Did we talk in another thread maybe ?

home.getvera.com is to be used for the old Vera firmware controllers only.

image1079×637 105 KB

However that page does show any Ezlo controllers on that same user account, but they will be offline and not accessible.

@osman we asked if they could be hidden from view altogether as its confusing for users.

Also note if using Chrome browser you need to change a setting now in the browser for the re-direct to work see here.

And obviously for local Vera firmware controllers you can just enter the Vera controllers local LAN IP into the browser to access the Vera UI7 web UI like this: http://192.168.0.101/cmh/#devices

ezlogic.mios.com

Is to be used for new Ezlo firmware controllers. And that is the new Ezlogic web UI and Ezlo Dynamic Dashboard.

In here you can see your controllers connected to the logged in user account by going to Settings - Controllers on the main menu on the left.

image697×473 40.9 KB

And for mobile apps you should be using the old Vera mobile app for Vera firmware controllers and the new Mios app for Ezlo firmware controllers ideally. See here for links.

Also note you can login to the Ezlo dashboard on its own without the rest of the Ezlogic web UI site around it. By using this URL

https://ezlodashboard.mios.com

Well I can not reproduce it now this Vera Edge is bricked. It was in the Ezlo dashboard offline im almost sure of it.

my new ezlos were in the UI7 dashboard for a while before they got a firmware update I could even open them.

If I ever unbrick the edge I can examine it again. Im still wondering about the LAN issue cross showing my local EzLo Plus vs the one the account should have accessed. that was not a cache issue.

reserved fhghjhhhj

Oh wow "Ezlo dashboard on its own without the rest of the Ezlogic web UI "

Yeah so maybe that is why I have two URLS and duplicate usernames and passwords in my Edge wallet, one for both of those URLS.

I clicked it and you see here thats the serial of a old Vera Edge showing there its a remote site only a Vera Account but im logged into Mios with it, my now bricked Vera Edge was listed here as well.

I dont wanna mess with it Im scared it might get corrupted.

Screenshot 2024-01-17 1143021428×655 48 KB

OK I see what you mean now. Yes it seems Vera firmware hubs are listed in the Ezlo Dynamic Dashbord account screen, that is where your screen shot is showing.

My two Vera firmware hubs appear in that area also. However it should be nothing to worry about and that won’t be any cause of the Vera Edge now being bricked I don’t think.

“Vera firmware hubs are listed in the Ezlo Dynamic Dashbord”

Yes and we see it Vice Versa with Ezlo Hubs in UI7

But the Ezlo dashboard itself will not show or display any devices from a Vera firmware hub on the tiles. Despite the fact that it does seem to be listing the Vera hubs serial number(s) in that account page you just did a screen shot of. I know it seems confusing Ezlo really need to make it less so.

Can you do a screen shot of that? I have never seen Ezlo firmware hubs in the old Vera UI7 web UI (desktop browser)

Or are you talking about the Vera mobile app because that is different. The Vera mobile app currently can and does show Ezlo hubs and you can connect to them, that will be removed at some point.

Again its confusing. Mios app is recommended for actual use with Ezlo hubs.