Vulnerabilities > Fibaro > Home Center 2 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-19 | CVE-2021-20992 | Cleartext Transmission of Sensitive Information vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. | 5.0 |
| 2021-04-19 | CVE-2021-20991 | Command Injection vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. | 9.0 |
| 2021-04-19 | CVE-2021-20990 | Missing Authentication for Critical Function vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode. | 7.5 |
| 2021-04-19 | CVE-2021-20989 | Improper Certificate Validation vulnerability in Fibaro Home Center 2 Firmware and Home Center Lite Firmware Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. | 5.9 |