CVE-2021-20992

Name of the Vulnerable Software and Affected Versions: Fibaro Home Center 2 and Lite devices (affected versions not specified)

Description: The issue concerns the use of an unencrypted HTTP protocol for the web-based management interface. This allows communication between the user and the device to be eavesdropped, potentially leading to the hijacking of sessions, tokens, and passwords.

Recommendations: For all versions of Fibaro Home Center 2 and Lite devices, consider disabling the web-based management interface until a secure, encrypted connection method is implemented. Restrict access to the device's management interface to minimize the risk of exploitation. As a temporary workaround, avoid using the management interface over unsecured networks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.