PT-2023-20863 · Yale · Yale Ia-210 Alarm

Alexios Mylonas

Publicado

2023-12-04

Atualizado

2024-01-16

CVE-2023-26942

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Yale IA-210 Alarm version 1.0

Description The issue is related to weak encryption mechanisms in RFID Tags, allowing attackers to create a cloned tag via physical proximity to the original.

Recommendations For Yale IA-210 Alarm version 1.0, consider implementing additional security measures to prevent unauthorized access, such as restricting physical proximity to the original tag or using alternative authentication methods until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

CVE-2023-26942

Produtos afetados

Yale Ia-210 Alarm

PT-2023-20863 · Yale · Yale Ia-210 Alarm

CVE-2023-26942

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7