An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).
References
| Link | Resource |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt | Exploit Third Party Advisory |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Information
Published : 2019-03-27 07:29
Updated : 2020-08-24 10:37
NVD link : CVE-2019-9862
Mitre link : CVE-2019-9862
JSON object : View
CWE
CWE-311
Missing Encryption of Sensitive Data
Advertisement
Products Affected
abus
- secvest_wireless_alarm_system_fuaa50000_firmware
- secvest_wireless_remote_control_fube50014
- secvest_wireless_remote_control_fube50015
- secvest_wireless_remote_control_fube50015_firmware
- secvest_wireless_alarm_system_fuaa50000
- secvest_wireless_remote_control_fube50014_firmware