CVE-2021-20992— Fibaro Home Center Unencrypted management interface
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-20992
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fibaro Home Center Unencrypted management interface
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fibaro Home Center 2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FIBARO Home Center 2是波兰FIBARO公司的一个应用系统。一个系统集成系统。 Fibaro Home Center 2 存在安全漏洞,该漏洞源于用户和设备之间的通信可以被窃听来劫持会话、令牌和密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Fibar Group S.A | Fibaro Home Center | Home Center 2 all | - |
II. Public POCs for CVE-2021-20992
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-20992
请登录查看更多情报信息。
- https://www.iot-inspector.com/blog/advisory-fibaro-home-center/x_refsource_CONFIRM
- Packet Stormx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-20992
Same Patch Batch · Fibar Group S.A · 2021-04-19 · 4 CVEs total
| CVE-2021-20991 | 9.8 CRITICAL | Fibaro Home Center Authenticated remote command execution |
| CVE-2021-20990 | 7.5 HIGH | Fibaro Home Center Unauthenticated access to shutdown, reboot and reboot to recovery mode |
| CVE-2021-20989 | 5.9 MEDIUM | Fibaro Home Center Insufficient remote access server authorization |
IV. Related Vulnerabilities
Same weakness: CWE-319
- CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl ma - CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may - CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport - CVE-2026-7610
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmissi - CVE-2026-42514
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
V. Comments for CVE-2021-20992
No comments yet