Vulnerability Description
Fibaro Home Center 2 and Home Center Lite devices, in all versions, provide a web-based management interface over unencrypted HTTP. Communication between the user and the device can be eavesdropped on to hijack sessions, tokens and passwords.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fibaro | Home Center 2 Firmware | All versions |
| Fibaro | Home Center 2 | - |
| Fibaro | Home Center Lite Firmware | All versions |
| Fibaro | Home Center Lite | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Auth (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2021/Apr/27 (Mailing List, Third Party Advisory)
- https://www.iot-inspector.com/blog/advisory-fibaro-home-center/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-20992?
CVE-2021-20992 is a vulnerability with a CVSS score of 8.1 (HIGH). Fibaro Home Center 2 and Home Center Lite devices, in all versions, provide a web-based management interface over unencrypted HTTP. Communication between the user and the device can be eavesdropped on to h...
How severe is CVE-2021-20992?
CVE-2021-20992 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-20992?
Check the references section above for vendor advisories and patch information. Affected products include: Fibaro Home Center 2 Firmware, Fibaro Home Center 2, Fibaro Home Center Lite Firmware, Fibaro Home Center Lite.