CVE-2021-20992

Summary

In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.

Affected Software

VendorProductVersion RangeStatus
Fibar Group S.AFibaro Home CenterHome Center 2 allaffected
Fibar Group S.AFibaro Home CenterHome Center Lite allaffected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References