PT-2020-8642 · Unknown · Juuko K-808

Akira Urano +6 · Published 2020-11-02 · Updated 2022-08-25 · CVE-2018-19025

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: JUUKO K-808 versions prior to numbers ending ...9A, ...9B, ...9C, etc.
Description: The issue allows remote attackers to execute commands on vulnerable installations of the equipment. No authentication is required to exploit this issue. The flaw lies in the handling of data between the transmitter and receiver. Because a fixed control code is used to encode data transmitted over radio frequency, an attacker can use that code to spoof unauthorized commands to the receiver. This can be used to send commands to physical equipment controlled by the device.
Recommendations: For versions prior to numbers ending ...9A, ...9B, ...9C, etc., consider restricting access to the device until a patch is available. As a temporary workaround, avoid using the fixed control code for encoding data transmitted over radio frequency until the issue is resolved.

Related Identifiers

CVE-2018-19025
ZDI-18-1362

Affected Products

Juuko K-808