CVE-2020-14157

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
abussecvest_wireless_control_fube50001_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html
http://seclists.org/fulldisclosure/2020/Jun/26
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
https://www.youtube.com/watch?v=kCqAVYyahLc
http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html
http://seclists.org/fulldisclosure/2020/Jun/26
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
https://www.youtube.com/watch?v=kCqAVYyahLc