CVE-2020-14158

Опубликовано: 30 июл. 2020

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

Ссылки

http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110-Authentication-Bypass.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/36
Mailing List
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.txt
Third Party Advisory
http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110-Authentication-Bypass.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/36
Mailing List
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.txt
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abus:secvest_hybrid_fumo50110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abus:secvest_hybrid_fumo50110:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.0037

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-4vh5-9j7r-fhh8

github

больше 3 лет назад