CVE-2021-40170

Published: Dec 15, 2021Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 1.6 / Impact: 5.2

Source: NVD

Description

An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.

Affected (1)

Products: Securitashome: Securitashome Alarm System Firmware

1 product

Securitashome Alarm System Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Securitashome Securitashome Alarm System Firmware	Version hpgw-g_0.0.2.23f_bg_u-itr-f1-bd_bl.a30.20181117

Running on/with	Platform Versions
Securitashome Securitashome Alarm System	All versions

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (4)

https://www.diva-portal.org/smash/get/diva2:1600180/FULLTEXT04.pdf

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://www.securitashome.se/product.html/securitashome

Source: cve@mitre.org

Vendor Advisory

https://www.diva-portal.org/smash/get/diva2:1600180/FULLTEXT04.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://www.securitashome.se/product.html/securitashome

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.