CVE-2020-14157

Sažetak

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.

Reference

https://www.youtube.com/watch?v=kCqAVYyahLc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
http://seclists.org/fulldisclosure/2020/Jun/26
http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html

CVSS

Base:	4.8
Impact:	4.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

21-07-2021 - 11:39

Objavljeno

17-06-2020 - 20:15