CVE-2020-14158 — CRITICAL (9.1)

Vulnerability Description

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Abus	Secvest Hybrid Fumo50110 Firmware	-
Abus	Secvest Hybrid Fumo50110	-

Related Weaknesses (CWE)

CWE-287

References

http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/36Mailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.tThird Party Advisory
http://packetstormsecurity.com/files/158692/ABUS-Secvest-Hybrid-Module-FUMO50110Third Party Advisory
http://seclists.org/fulldisclosure/2020/Jul/36Mailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.tThird Party Advisory

FAQ

What is CVE-2020-14158?

CVE-2020-14158 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to co...

How severe is CVE-2020-14158?

CVE-2020-14158 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-14158?

Check the references section above for vendor advisories and patch information. Affected products include: Abus Secvest Hybrid Fumo50110 Firmware, Abus Secvest Hybrid Fumo50110.