PT-2023-27128 · Digoo · Digoo Dg-Hamb Smart Home Security System
Ash Allen
·
Published
2023-08-15
·
Updated
2023-08-22
·
CVE-2023-39842
CVSS v3.1
2.4
Low
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Digoo DG-HAMB Smart Home Security System version 1.0
Description
The issue is related to missing encryption in the RFID tag of the system, allowing attackers to create a cloned tag via brief physical proximity to the original device. This can be exploited to gain unauthorized access.
Recommendations
For Digoo DG-HAMB Smart Home Security System version 1.0, consider disabling the RFID tag functionality until a patch or fix is available to mitigate the risk of cloned tags being created. Restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Digoo Dg-Hamb Smart Home Security System