First published: Thu Apr 15 2021
Fibaro Home Center 2 and Lite devices, in all versions, provide a web-based management interface over the unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fibaro Home Center 2 Firmware | | |
Fibaro Home Center 2 | | |
Fibaro Home Center Lite Firmware | | |
Fibaro Home Center Lite | | |
CVE-2021-20992 is a vulnerability in Fibaro Home Center 2 and Lite devices, which provide their web-based management interface over the unencrypted HTTP protocol.
The severity of CVE-2021-20992 is high, with a severity value of 7.5.
The vulnerability allows for eavesdropping on communication between the user and the device, potentially leading to the hijacking of sessions, tokens, and passwords.
All versions of Fibaro Home Center 2 and Lite devices are affected.
At the moment, there is no information about a specific fix for CVE-2021-20992. It is recommended to follow the vendor's security advisories for updates.