CVE-2020-14158

Published: Jul 30, 2020Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

Affected (1)

Products: Abus: Secvest Hybrid Fumo50110 Firmware

Abus

1 product

Secvest Hybrid Fumo50110 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Abus Secvest Hybrid Fumo50110 Firmware	All versions

Running on/with	Platform Versions
Abus Secvest Hybrid Fumo50110	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110-Authentication-Bypass.html

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/fulldisclosure/2020/Jul/36

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.txt

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110-Authentication-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2020/Jul/36

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.