Vulnerability Description
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abus | Secvest Wireless Alarm System Fuaa50000 Firmware | 3.01.01 |
| Abus | Secvest Wireless Alarm System Fuaa50000 | - |
| Abus | Secvest Wireless Remote Control Fube50014 Firmware | - |
| Abus | Secvest Wireless Remote Control Fube50014 | - |
| Abus | Secvest Wireless Remote Control Fube50015 Firmware | - |
| Abus | Secvest Wireless Remote Control Fube50015 | - |
Related Weaknesses (CWE)
References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.tThird Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.tThird Party Advisory
FAQ
What is CVE-2019-9860?
CVE-2019-9860 is a vulnerability with a CVSS score of 7.5 (HIGH). Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled...
How severe is CVE-2019-9860?
CVE-2019-9860 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9860?
Check the references section above for vendor advisories and patch information. Affected products include: Abus Secvest Wireless Alarm System Fuaa50000 Firmware, Abus Secvest Wireless Alarm System Fuaa50000, Abus Secvest Wireless Remote Control Fube50014 Firmware, Abus Secvest Wireless Remote Control Fube50014, Abus Secvest Wireless Remote Control Fube50015 Firmware.