CVE-2020-14157

Опубликовано: 17 июн. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 4.8

EPSS Низкий

Описание

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.

Ссылки

http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jun/26
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=kCqAVYyahLc
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jun/26
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=kCqAVYyahLc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

8.1 High

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-8329-73v4-x45c

github

больше 3 лет назад