Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20991 | 1 Fibaro | 4 Home Center 2, Home Center 2 Firmware, Home Center Lite and 1 more | 2022-04-26 | 9.0 HIGH | 8.8 HIGH |
| In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. | |||||
| CVE-2021-20992 | 1 Fibaro | 4 Home Center 2, Home Center 2 Firmware, Home Center Lite and 1 more | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords. | |||||
| CVE-2021-20990 | 1 Fibaro | 4 Home Center 2, Home Center 2 Firmware, Home Center Lite and 1 more | 2021-04-23 | 7.8 HIGH | 7.5 HIGH |
| In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode. | |||||