Lucene search
K

30 matches found

NVD
NVD
added 2026/01/06 4:15 p.m.5 views

CVE-2020-36905

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

7.5CVSS0.00443EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/01/06 3:52 p.m.2 views

CVE-2020-36905 FIBARO System Home Center 5.021 Remote File Inclusion via Proxy API

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

7.5CVSS6.7AI score0.00443EPSS
Exploits1References7
CVE
CVE
added 2026/01/06 3:52 p.m.18 views

CVE-2020-36905

CVE-2020-36905 affects FIBARO System Home Center 5.021. A remote file inclusion vulnerability exists in the undocumented proxy API that allows an attacker to include arbitrary client-side scripts by abusing the GET parameter “url,” enabling injection of malicious JavaScript and potentially hijack...

7.5CVSS6.7AI score0.00443EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.5 views

FIBARO System Home Center 安全漏洞

FIBARO System Home Center is a series of smart home core central control hosts from the Polish company FIBARO. A security vulnerability exists in FIBARO System Home Center version 5.021, which stems from a remote file inclusion vulnerability in the undocumented proxy API that could lead to the...

7.5CVSS7AI score0.00443EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.6 views

PT-2026-1440

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

7.5CVSS7AI score0.00443EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-8398

Malicious code in bioql PyPI...

5.9CVSS7AI score0.01983EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-8399

Malicious code in bioql PyPI...

7.8CVSS8.3AI score0.03429EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-8401

Malicious code in bioql PyPI...

8.1CVSS8.3AI score0.01421EPSS
Exploits3References4
0day.today
0day.today
added 2021/04/20 12:0 a.m.121 views

Fibaro Home Center MITM / Missing Authentication / Code Execution Vulnerabilities

Fibaro Home Center Light and Fibaro Home Center 2 versions 4.600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities. Fibaro Home Center MITM / Missing Authentication / Code Execution Vendor description:...

9.8CVSS7AI score0.05437EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/04/20 12:0 a.m.573 views

Fibaro Home Center MITM / Missing Authentication / Code Execution

IoT Inspector Research Lab Advisory IOT-20210408-0 title: Multiple vulnerabilities vendor/product: Fibaro Home Center Light / Fibaro Home Center 2 https://www.fibaro.com/ vulnerable version: 4.600 and older fixed version: 4.610 CVE number: CVE-2021-20989, CVE-2021-20990, CVE-2021-20991,...

0.9AI score0.05437EPSS
Exploits6
OSV
OSV
added 2021/04/19 2:15 p.m.2 views

CVE-2021-20991

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability...

8.8CVSS7.3AI score
Exploits0References3
OSV
OSV
added 2021/04/19 2:15 p.m.3 views

CVE-2021-20990

In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode...

7.5CVSS7.2AI score0.03429EPSS
Exploits3References3
NVD
NVD
added 2021/04/19 2:15 p.m.29 views

CVE-2021-20989

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be...

5.9CVSS0.01983EPSS
Exploits3References3
Prion
Prion
added 2021/04/19 2:15 p.m.14 views

Command injection

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability...

9CVSS9AI score0.05437EPSS
Exploits3References3Affected Software2
Cvelist
Cvelist
added 2021/04/19 2:5 p.m.25 views

CVE-2021-20991 Fibaro Home Center Authenticated remote command execution

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability...

9.8CVSS10AI score0.05437EPSS
Exploits3References3
Cvelist
Cvelist
added 2021/04/19 2:5 p.m.32 views

CVE-2021-20989 Fibaro Home Center Insufficient remote access server authorization

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be...

5.9CVSS6AI score0.01983EPSS
Exploits3References3
Cvelist
Cvelist
added 2021/04/19 2:5 p.m.18 views

CVE-2021-20992 Fibaro Home Center Unencrypted management interface

In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and passwords...

8.1CVSS8.2AI score0.01421EPSS
Exploits3References3
Cvelist
Cvelist
added 2021/04/19 2:5 p.m.38 views

CVE-2021-20990 Fibaro Home Center Unauthenticated access to shutdown, reboot and reboot to recovery mode

In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode...

7.5CVSS7.9AI score0.03429EPSS
Exploits3References3
CVE
CVE
added 2021/04/19 2:5 p.m.84 views

CVE-2021-20990

Fibaro Home Center 2 and Lite devices with firmware 4.600 and older expose an internal management service on port 8000 that can be accessed without authentication to trigger shutdown, reboot, or reboot into recovery mode. A fix is available in newer firmware (e.g., 4.610); implementing an upgrade...

7.8CVSS7.8AI score0.03429EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2021/04/19 2:5 p.m.86 views

CVE-2021-20991

CVE-2021-20991 affects Fibaro Home Center 2 and Lite devices with firmware 4.540 and older. An authenticated user can perform command injection to execute commands as root. Connected docs corroborate remote command execution and MITM-related disclosures for Fibaro Home Center products; no explici...

9.8CVSS9.4AI score0.05437EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder