Vulnerability CVE-2019-9860


Published: 2019-03-27

Description:
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.

Type:

CWE-332

(Insufficient Entropy in PRNG)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
ABUS -> Secvest wireless alarm system fuaa50000 firmware 
ABUS -> Secvest wireless remote control fube50014 firmware 
ABUS -> Secvest wireless remote control fube50015 firmware 

 References:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt

Copyright 2024, cxsecurity.com

 

Back to Top