EUVD-2021-14054

Malware in sbrugna...

CVE-2021-27289

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12, where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attack...

CVE-2021-27289

The CVE-2021-27289 entry concerns a replay-attack weakness in a Zigbee-based Ksix smart home kit. Affected components are Zigbee Gateway Module v1.0.3, Door Sensor v1.0.7, and Motion Sensor v1.0.12. The root cause is an improper implementation of Zigbee’s anti-replay mechanism (frame counter-base...

CVE-2019-12500

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking...

Security Vulnerability in Internet-Connected Construction Cranes

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices...