Published: 19/04/2021 Updated: 26/04/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fibaro home_center_2_firmware
fibaro home_center_lite_firmware

Fibaro Home Center Light and Fibaro Home Center 2 versions 4600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center <!--X- ...

CWE-77 https://www.iot-inspector.com/blog/advisory-fibaro-home-center/http://seclists.org/fulldisclosure/2021/Apr/27 http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-20991

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect