First published: Mon Apr 19 2021
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older, an internal management service is accessible on port 8000, and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fibaro Home Center 2 Firmware | <=4.600 | |
Fibaro Home Center 2 | | |
Fibaro Home Center Lite Firmware | <=4.600 | |
Fibaro Home Center Lite | | |
CVE-2021-20990 is a vulnerability in Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older, where an internal management service on port 8000 can be accessed without authentication to trigger shutdown, reboot, or reboot into recovery mode.
CVE-2021-20990 has a severity rating of 7.5 out of 10, making it a high-risk vulnerability.
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older are affected by CVE-2021-20990.
CVE-2021-20990 can be exploited by accessing the internal management service on port 8000 without authentication and triggering shutdown, reboot, or reboot into recovery mode.
Fibaro Home Center 2 and Lite devices running firmware newer than 4.600 are not vulnerable to CVE-2021-20990.