CVE-2021-20992
Fibaro Home Center Unencrypted management interface
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.
En dispositivos Fibaro Home Center versión 2 y Lite en todas las versiones proporcionan una interfaz de administración basada en web sobre el protocolo HTTP sin cifrar. Una comunicación entre el usuario y el dispositivo puede ser escuchado a escondidas para secuestrar sesiones, tokens y contraseñas
Fibaro Home Center Light and Fibaro Home Center 2 versions 4.600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities.
*Credits:
Marton Illes IoT Inspector Research Lab https://www.iot-inspector.com
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-17 CVE Reserved
- 2021-04-19 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Apr/27 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fibaro Search vendor "Fibaro" | Home Center 2 Firmware Search vendor "Fibaro" for product "Home Center 2 Firmware" | * | - |
Affected
| in | Fibaro Search vendor "Fibaro" | Home Center 2 Search vendor "Fibaro" for product "Home Center 2" | - | - |
Safe
|
| Fibaro Search vendor "Fibaro" | Home Center Lite Firmware Search vendor "Fibaro" for product "Home Center Lite Firmware" | * | - |
Affected
| in | Fibaro Search vendor "Fibaro" | Home Center Lite Search vendor "Fibaro" for product "Home Center Lite" | - | - |
Safe
|