PT-2024-13862 · Unknown · Hozard Alarm System

Published 2024-01-11 · Updated 2024-01-19 · CVE-2023-50123

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hozard Alarm system version 1.0

Description

Hozard Alarm system version 1.0 does not limit the number of attempts to bring the system to a disarmed state. This could allow an attacker to perform a brute force attack on the SMS authentication, potentially bringing the alarm system to a disarmed state.

Recommendations

For Hozard Alarm system version 1.0, consider implementing a limit on the number of attempts to bring the system to a disarmed state, to prevent brute force attacks on the SMS authentication. As a temporary workaround, restrict access to the SMS authentication feature until a patch is available.
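
One way to implement the recommended attempt limit, as an added example that is not vendor code and not part of the original advisory. The `DisarmGate` class, the thresholds, the code format and the sender numbers are all assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_PER_SENDER = 5    # assumed: failed attempts allowed per sender in WINDOW
MAX_GLOBAL = 20       # assumed: failed attempts allowed from all senders in WINDOW
WINDOW = 15 * 60      # assumed: sliding window, in seconds
LOCKOUT = 60 * 60     # assumed: lockout duration, in seconds


class DisarmGate:
    """Hypothetical gate placed in front of an SMS 'disarm' command."""

    def __init__(self, code, clock=time.monotonic):
        self._code = code.encode()
        self._clock = clock
        self._fails = defaultdict(deque)   # sender -> failure timestamps
        self._all_fails = deque()          # failure timestamps, every sender
        self._locked = {}                  # sender or "*" -> unlock time

    def _recent(self, q, now):
        # Drop failures older than the window, return how many remain.
        while q and now - q[0] > WINDOW:
            q.popleft()
        return len(q)

    def handle_sms(self, sender, text):
        now = self._clock()
        # While locked, refuse without evaluating the submitted code at all.
        for key in (sender, "*"):
            if self._locked.get(key, 0) > now:
                return "locked"
        if hmac.compare_digest(text.strip().encode(), self._code):
            self._fails.pop(sender, None)
            return "disarmed"
        self._fails[sender].append(now)
        self._all_fails.append(now)
        if self._recent(self._fails[sender], now) >= MAX_PER_SENDER:
            self._locked[sender] = now + LOCKOUT
        # Sender IDs can be spoofed, so also cap failures across all senders.
        if self._recent(self._all_fails, now) >= MAX_GLOBAL:
            self._locked["*"] = now + LOCKOUT
        return "rejected"
```

The global cap also blocks the legitimate owner's SMS disarm until the lockout expires, so each `"locked"` result is worth logging and alerting on.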

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts


Weakness Enumeration

Related Identifiers

CVE-2023-50123

Affected Products

Hozard Alarm System