9.1
CVE-2019-9659
- EPSS 0.28%
- Veröffentlicht 11.03.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:52:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Chuango ≫ Wifi Alarm System Firmware Version-
Chuango ≫ Awv Plus Wifi Alarm System Firmware Version-
Chuango ≫ G5w 3g Firmware Version-
Chuango ≫ G3 Gsm/sms Alarm System Firmware Version-
Chuango ≫ G5w 3g Firmware Version-
Chuango ≫ B11 Dual-network Alarm System Firmware Version-
Chuango ≫ A8 Pstn Alarm System Firmware Version-
Chuango ≫ Cg-105s On-site Alarm System Firmware Version-
Eminent ≫ Em8617 Ov2 Wifi Alarm System Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.484 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).