Vulnerability Description
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abus | Secvest Wireless Control Fube50001 Firmware | - |
| Abus | Secvest Wireless Control Fube50001 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-DeviceThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Jun/26Third Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.tExploitThird Party Advisory
- https://www.youtube.com/watch?v=kCqAVYyahLcExploitThird Party Advisory
- http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-DeviceThird Party Advisory
- http://seclists.org/fulldisclosure/2020/Jun/26Third Party Advisory
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.tExploitThird Party Advisory
- https://www.youtube.com/watch?v=kCqAVYyahLcExploitThird Party Advisory
FAQ
What is CVE-2020-14157?
CVE-2020-14157 is a vulnerability with a CVSS score of 8.1 (HIGH). The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an ...
How severe is CVE-2020-14157?
CVE-2020-14157 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14157?
Check the references section above for vendor advisories and patch information. Affected products include: Abus Secvest Wireless Control Fube50001 Firmware, Abus Secvest Wireless Control Fube50001.