Vulnerability CVE-2019-9861


Published: 2019-05-14

Description:
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ABUS Secvest 3.01.01 Cryptographic Issues
Matthias Deeg
05.05.2019

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.8/10
4.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
ABUS -> Secvest wireless alarm system fuaa50000 firmware 

 References:
http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html
http://seclists.org/fulldisclosure/2019/May/3
https://seclists.org/bugtraq/2019/May/1
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt

Copyright 2020, cxsecurity.com

 

Back to Top