PT-2019-19895 · Abus · Abus Secvest Wireless Remote Control+1
Published
2019-03-27
·
Updated
2021-07-21
·
CVE-2019-9860
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ABUS Secvest wireless alarm system FUAA50000 version 3.01.01
ABUS Secvest wireless remote control versions FUBE50014 or FUBE50015
Description
The issue arises from unencrypted signal communication and the predictability of rolling codes in the ABUS Secvest wireless remote control. This allows an attacker to "desynchronize" the remote control relative to its controlled Secvest wireless alarm system. As a result, commands sent by the remote control are no longer accepted.
Recommendations
For ABUS Secvest wireless alarm system FUAA50000 version 3.01.01, consider updating the system to a version that addresses the unencrypted signal communication and rolling code predictability issues.
For ABUS Secvest wireless remote control versions FUBE50014 or FUBE50015, restrict the use of these remote controls until a secure update or replacement is available.
Fix
Cleartext Transmission of Sensitive Information
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Abus Secvest Wireless Alarm System
Abus Secvest Wireless Remote Control