← Back

CVE-2019-9860

nvd nist
Published: Mar 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.

Affected (3)

Abus
3 products
Secvest Wireless Alarm System Fuaa50000 Firmware
Secvest Wireless Remote Control Fube50014 Firmware
Secvest Wireless Remote Control Fube50015 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Secvest Wireless Alarm System Fuaa50000 Firmware
Version 3.01.01
Running on/withPlatform Versions
Abus
Secvest Wireless Alarm System Fuaa50000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Secvest Wireless Remote Control Fube50014 Firmware
All versions
Running on/withPlatform Versions
Abus
Secvest Wireless Remote Control Fube50014
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Secvest Wireless Remote Control Fube50015 Firmware
All versions
Running on/withPlatform Versions
Abus
Secvest Wireless Remote Control Fube50015
All versions

Related CWEs

CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.