← Back

CVE-2019-9862

nvd nist
Published: Mar 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).

Affected (3)

Abus
3 products
Secvest Wireless Alarm System Fuaa50000 Firmware
Secvest Wireless Remote Control Fube50014 Firmware
Secvest Wireless Remote Control Fube50015 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Secvest Wireless Alarm System Fuaa50000 Firmware
Version 3.01.01
Running on/withPlatform Versions
Abus
Secvest Wireless Alarm System Fuaa50000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Secvest Wireless Remote Control Fube50014 Firmware
All versions
Running on/withPlatform Versions
Abus
Secvest Wireless Remote Control Fube50014
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Secvest Wireless Remote Control Fube50015 Firmware
All versions
Running on/withPlatform Versions
Abus
Secvest Wireless Remote Control Fube50015
All versions

Related CWEs

CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.