Vulnerability CVE-2020-14158


Published: 2020-07-30

Description:
The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass
Matthias Deeg
01.08.2020

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2020/Jul/36
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.txt

Copyright 2020, cxsecurity.com

 

Back to Top