1. Home
  2. CVE Database
  3. CVE-2019-9659
CRITICAL · 9.1

CVE-2019-9659

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chu...

Vulnerability Description

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ChuangoWifi Alarm System Firmware-
ChuangoWifi Alarm System-
ChuangoWifi\/Cellular Smart Home System H4 Plus Firmware-
ChuangoWifi\/Cellular Smart Home System H4 Plus-
ChuangoAwv Plus Wifi Alarm System Firmware-
ChuangoAwv Plus Wifi Alarm System-
ChuangoG5W 3G Firmware-
ChuangoG5W 3G-
ChuangoG5 Plus Gsm\/Sms\/Rfid Touch Alarm System Firmware-
ChuangoG5 Plus Gsm\/Sms\/Rfid Touch Alarm System-
ChuangoG3 Gsm\/Sms Alarm System Firmware-
ChuangoG3 Gsm\/Sms Alarm System-
ChuangoB11 Dual-Network Alarm System Firmware-
ChuangoB11 Dual-Network Alarm System-
ChuangoA8 Pstn Alarm System Firmware-
ChuangoA8 Pstn Alarm System-
ChuangoA11 Pstn\/Lcd\/Rfid Touch Alarm System Firmware-
ChuangoA11 Pstn\/Lcd\/Rfid Touch Alarm System-
ChuangoCg-105S On-Site Alarm System Firmware-
ChuangoCg-105S On-Site Alarm System-

Related Weaknesses (CWE)

CWE-294

References

FAQ

What is CVE-2019-9659?

CVE-2019-9659 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chu...

How severe is CVE-2019-9659?

CVE-2019-9659 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-9659?

Check the references section above for vendor advisories and patch information. Affected products include: Chuango Wifi Alarm System Firmware, Chuango Wifi Alarm System, Chuango Wifi\/Cellular Smart Home System H4 Plus Firmware, Chuango Wifi\/Cellular Smart Home System H4 Plus, Chuango Awv Plus Wifi Alarm System Firmware.