Fibaro Home Center Unencrypted management interface
CVE-2021-20992
8.1 HIGH
What is CVE-2021-20992?
Fibaro Home Center 2 and Lite devices, in all versions, provide a web-based management interface over the unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.
Affected Version(s)
Fibaro Home Center Home Center 2 all
Fibaro Home Center Home Center Lite all
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Marton Illes, IoT Inspector Research Lab, https://www.iot-inspector.com
