Unencrypted HTTP Protocol Vulnerability in Fibaro Home Center 2 and Lite Devices

Unencrypted HTTP Protocol Vulnerability in Fibaro Home Center 2 and Lite Devices

CVE-2021-20992 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords.

Learn more about our Web App Pen Testing.