Vulnerability CVE-2021-20990
Published: 2021-04-19

Description:
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Fibaro Home Center MITM / Missing Authentication / Code Execution
Marton Illes
21.04.2021

Type:

CWE-863

 (Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
https://www.iot-inspector.com/blog/advisory-fibaro-home-center/
http://seclists.org/fulldisclosure/2021/Apr/27
http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html
Copyright 2024, cxsecurity.com

 

Back to Top