PT-2020-10927 · Simplisafe · Simplisafe Ss3

Published

2020-02-13

Updated

2020-02-25

CVE-2019-3998

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SimpliSafe SS3 firmware version 1.4

Description The issue allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to by using an alternate path or channel.

Recommendations For SimpliSafe SS3 firmware version 1.4, consider restricting access to the base station's network configuration until a patch is available. As a temporary workaround, limit the ability of local attackers to modify the Wi-Fi network settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-3998

Affected Products

Simplisafe Ss3

PT-2020-10927 · Simplisafe · Simplisafe Ss3

CVE-2019-3998

Weakness Enumeration

Related Identifiers

Affected Products

References · 4