CVE-2021-20990

Name of the Vulnerable Software and Affected Versions: Fibaro Home Center 2 and Lite versions 4.600 and older

Description: The issue concerns an internal management service accessible on port 8000, where certain API endpoints can be accessed without authentication. This allows unauthorized actions such as triggering a shutdown, a reboot, or a reboot into recovery mode.

Recommendations: For Fibaro Home Center 2 and Lite versions 4.600 and older, update to a version newer than 4.600 to resolve the issue. As a temporary workaround, consider restricting access to port 8000 to minimize the risk of exploitation. Avoid using API endpoints that can trigger shutdown, reboot, or reboot into recovery mode without proper authentication until the issue is resolved.