Multiple critical security vulnerabilities existed in the firmware of three different smart home hubs. These vulnerabilities, upon exploit, could allow remote code execution attacks.
Researchers from ESET IoT Research discovered numerous security vulnerabilities in three different smart home hubs.
As elaborated in their blog post, they found the vulnerabilities in Homematic Central Control Unit (CCU2) firmware version 2.31.25, Fibaro Home Center Lite firmware version 4.170, and eLAN-RF-003 firmware version 2.9.079.
Briefly, all these smart home devices had multiple security bugs. Upon exploitation, these bugs could lead to various consequences. As stated by the researchers,
What makes these bugs threatening is that these hubs are not only used at homes but also at small offices. Hence, the vulnerabilities pose risk to thousands of customers. Moreover, in the scenario of COVID-19 pandemic, when work-from-home is common, the vulnerabilities are even more threatening.
Upon finding these bugs, ESET Researchers quickly reached out to the vendors to report the flaws. Following their report, the vendors reacted differently in addressing these issues.
Briefly, eQ-3 patched all the issues within the specified disclosure period.