PT-2020-20728 · Rubetek · Rubetek Smarthome 2020

Ilya Shaposhnikov

Published

2020-03-04

Updated

2020-03-06

CVE-2020-9550

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rubetek SmartHome 2020 devices

Description The issue concerns the use of unencrypted 433 MHz communication between controllers and beacons in Rubetek SmartHome 2020 devices. This allows an attacker to remotely sniff and spoof beacon requests.

Recommendations For Rubetek SmartHome 2020 devices, consider implementing encryption for the 433 MHz communication between controllers and beacons to prevent sniffing and spoofing of beacon requests.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-9550

Affected Products

Rubetek Smarthome 2020

PT-2020-20728 · Rubetek · Rubetek Smarthome 2020

CVE-2020-9550

Weakness Enumeration

Related Identifiers

Affected Products

References · 4