PT-2019-19895 · Abus · Abus Secvest Wireless Remote Control+1
Publicado
2019-03-27
·
Atualizado
2021-07-21
·
CVE-2019-9860
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ABUS Secvest wireless alarm system FUAA50000 version 3.01.01
ABUS Secvest wireless remote control versions FUBE50014 or FUBE50015
Description
The issue arises from unencrypted signal communication and the predictability of rolling codes in the ABUS Secvest wireless remote control. This allows an attacker to "desynchronize" the remote control relative to its controlled Secvest wireless alarm system. As a result, commands sent by the remote control are no longer accepted.
Recommendations
For ABUS Secvest wireless alarm system FUAA50000 version 3.01.01, consider updating the system to a version that addresses the unencrypted signal communication and rolling code predictability issues.
For ABUS Secvest wireless remote control versions FUBE50014 or FUBE50015, restrict the use of these remote controls until a secure update or replacement is available.
Correção
Cleartext Transmission of Sensitive Information
Use of Insufficiently Random Values
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Abus Secvest Wireless Alarm System
Abus Secvest Wireless Remote Control