CVE-2021-20991

Summary

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.

Affected Software

VendorProductVersion RangeStatus
Fibar Group S.AFibaro Home CenterHome Center 2 <= 4.540affected
Fibar Group S.AFibaro Home CenterHome Center Lite <= 4.540affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References