Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-20989— Fibaro Home Center Insufficient remote access server authorization

CVSS 5.9 · Medium EPSS 1.84% · P83
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-20989

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Fibaro Home Center Insufficient remote access server authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
FIBARO Home Center 2 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FIBARO Home Center 2是波兰FIBARO公司的一个应用系统。一个系统集成系统。 Fibaro Home Center 2 存在安全漏洞,该漏洞源于SSH连接可以被DNS spoofing攻击拦截。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Fibar Group S.AFibaro Home Center Home Center 2 ~ 4.600 -

II. Public POCs for CVE-2021-20989

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-20989

登录查看更多情报信息。

Same Patch Batch · Fibar Group S.A · 2021-04-19 · 4 CVEs total

CVE-2021-209919.8 CRITICALFibaro Home Center Authenticated remote command execution
CVE-2021-209928.1 HIGHFibaro Home Center Unencrypted management interface
CVE-2021-209907.5 HIGHFibaro Home Center Unauthenticated access to shutdown, reboot and reboot to recovery mode

IV. Related Vulnerabilities

Same product: Fibaro Home Center
Same vendor: Fibar Group S.A
Same weakness: CWE-295

V. Comments for CVE-2021-20989

No comments yet

Leave a comment