128 matches found
CVE-2023-50123
The number of attempts to bring the Hozard Alarm system alarmsystemen v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state...
CVE-2023-50126
Missing encryption in the RFID tags of the Hozard alarm system Alarmsysteem v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state...
CVE-2023-50123
The number of attempts to bring the Hozard Alarm system alarmsystemen v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state...
CVE-2023-50126
CVE-2023-50126 concerns the Hozard alarm system (Alarmsysteem) v1.0, where RFID tags lack encryption. The Root Cause is missing encryption on RFID tags, enabling an attacker in close proximity to clone a tag and disarm the system. Documented impact is a disarmed state without broader system compr...
CVE-2023-50123
The CVE-2023-50123 entry concerns the Hozard Alarm system v1.0, where there is no limit on attempts to disarm via SMS authentication. The connected documents confirm the affected product and the root cause (unbounded attempt count enabling brute force to disarm). The impact is high (confidentiali...
CVE-2023-50127
Hozard alarm system Alarmsysteem v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number...
CVE-2023-50126
Missing encryption in the RFID tags of the Hozard alarm system Alarmsysteem v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state...
CVE-2023-50125
The CVE concerns the Hozard Alarm system (Alarmsysteem) v1.0, where a default engineer password enables an attacker to disarm the system. Documents consistently describe the root cause as the use of a default credentials credential, leading to potential unauthorized disarming. Reported impact is ...
CVE-2023-50127
Hozard alarm system Alarmsysteem v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number...
Hozard Alarm system security breach
Hozard alarm system is an alarm system from Hozard. The Hozard Alarm system has a security vulnerability that stems from the lack of encryption of RFID tags...
CVE-2023-50127
CVE-2023-50127 affects the Hozard alarm system (Alarmsysteem) v1.0 and is caused by an Improper Authentication flaw where SMS commands are accepted from random phone numbers, enabling an attacker to disarm the system from any number. Practical impact described across sources includes the ability ...
A week in security (November 13 – November 19)
Last week on Malwarebytes Labs: Signal is testing usernames so you don’t have to share your phone number State of Maine data breach impacts 1.3 million people Credit card skimming on the rise for the holiday shopping season Update now! Microsoft patches 3 actively exploited zero-days Ransomware...
CVE-2023-31759
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...
CVE-2023-31759
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...
CVE-2023-31759
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...
CVE-2023-31759
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...
CVE-2023-31759
CVE-2023-31759 affects the Kerui W18 Alarm System v1.0, specifically the 433MHz keyfob. The vulnerability enables a code replay attack to gain full system access, as described in multiple connected sources. The CVSS v3.1 metrics indicate an adjacent attack vector, high complexity, no privileges o...
PT-2023-23452 · Kerui · Kerui W18 Alarm System
Name of the Vulnerable Software and Affected Versions: Kerui W18 Alarm System version 1.0 Description: The issue concerns weak security in the 433MHz keyfob of the Kerui W18 Alarm System, allowing attackers to gain full access via a code replay attack. Recommendations: For Kerui W18 Alarm System...
CVE-2021-40171
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BGU-ITR-F1-BDBL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system...
CVE-2021-40171
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BGU-ITR-F1-BDBL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system...