CVE Vulnerability

CVE-2019-9659

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659 Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-03-11 03:29

Updated : 2021-07-21 11:39

NVD link : CVE-2019-9659

Mitre link : CVE-2019-9659

Products Affected

Em8617 Ov2 Wifi Alarm System Firmware

Eminent

CWE
CWE-294

Authentication Bypass by Capture-replay