Описание
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:hozard:alarm_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00194
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 5.9
github
около 2 лет назад
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.
EPSS
Процентиль: 41%
0.00194
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-287
CWE-287