Описание
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.600 (включая)
Одновременно
cpe:2.3:o:fibaro:home_center_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fibaro:home_center_2:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 4.600 (включая)
Одновременно
cpe:2.3:o:fibaro:home_center_lite_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fibaro:home_center_lite:-:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01763
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode.
EPSS
Процентиль: 82%
0.01763
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-306
CWE-306