Vulnerability-Lookup

CVE-2020-14157 (GCVE-0-2020-14157)

Vulnerability from cvelistv5 – Published: 2020-06-17 19:27 – Updated: 2024-08-04 12:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC
	https://www.youtube.com/watch?v=kCqAVYyahLc	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Jun/26	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/158204/ABUS-…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:35.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
          },
          {
            "name": "20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-23T22:06:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
        },
        {
          "name": "20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14157",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
            },
            {
              "name": "https://www.youtube.com/watch?v=kCqAVYyahLc",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
            },
            {
              "name": "20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
            },
            {
              "name": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14157",
    "datePublished": "2020-06-17T19:27:57.000Z",
    "dateReserved": "2020-06-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:39:35.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-14157",
      "date": "2026-05-09",
      "epss": "0.00098",
      "percentile": "0.26677"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF98EA46-420F-4C38-AA1B-4872263F1F91\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E0F6799-5F51-4E47-83B0-FBD224E5339F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de comunicaci\\u00f3n inal\\u00e1mbrica del dispositivo ABUS Secvest FUBE50001, no cifra datos confidenciales como c\\u00f3digos PIN o ID de claves de chip de proximidad usadas (tokens RFID). Esto facilita a que un atacante desarme el sistema de alarma inal\\u00e1mbrico\"}]",
      "id": "CVE-2020-14157",
      "lastModified": "2024-11-21T05:02:45.830",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 4.8, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-17T20:15:10.057",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/26\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.youtube.com/watch?v=kCqAVYyahLc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Jun/26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.youtube.com/watch?v=kCqAVYyahLc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14157\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-17T20:15:10.057\",\"lastModified\":\"2024-11-21T05:02:45.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de comunicaci\u00f3n inal\u00e1mbrica del dispositivo ABUS Secvest FUBE50001, no cifra datos confidenciales como c\u00f3digos PIN o ID de claves de chip de proximidad usadas (tokens RFID). Esto facilita a que un atacante desarme el sistema de alarma inal\u00e1mbrico\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":4.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF98EA46-420F-4C38-AA1B-4872263F1F91\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E0F6799-5F51-4E47-83B0-FBD224E5339F\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Jun/26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=kCqAVYyahLc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Jun/26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.youtube.com/watch?v=kCqAVYyahLc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

VAR-202006-0224

Vulnerability from variot - Updated: 2023-12-18 13:01

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. ABUS Secvest FUBE50001 The device contains a vulnerability related to information leakage.Information may be obtained and tampered with. ABUS Secvest FUBE50001 is a wireless control unit of German ABUS company.

There is a security loophole in the wireless communication function of the ABUS Secvest FUBE50001 device, which is caused by the program not encrypting sensitive data. Advisory ID: SYSS-2020-014 Product: ABUS Secvest Wireless Control Device (FUBE50001) Manufacturer: ABUS Affected Version(s): N/A Tested Version(s): N/A Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311) Risk Level: High Solution Status: Open Manufacturer Notification: 2020-04-03 Solution Date: - Public Disclosure: 2020-06-17 CVE Reference: CVE-2020-14157 Authors of Advisory: Michael Rüttgers, Thomas Detert, Matthias Deeg (SySS GmbH)


Overview:

ABUS Secvest Wireless Control Device (FUBE50001) is a wireless control
panel for the ABUS Secvest wireless alarm system. 

Some of the device features as described by the manufacturer are
(see [1]):

"
* Easy operation via code or proximity keyfob
  The Secvest wireless control panel is an optional Secvest accessory. 
  Every wireless control panel can be operated from your system via PIN
  code. It is possible to arm and disarm the panel via proximity keyfob. 

* Flexible use in entrance areas
  Up to 8 control panels can be integrated into the alarm system. These
  additional modules can be placed in various areas of the building. 
  This provides added convenience for you, because Secvest can be armed
  and disarmed directly on the wireless control panel, without the need
  to go back to the central alarm panel every time. 
  In addition to internal arming or arming individual sub-areas, you can
  also switch a single output, such as the garage door, if desired. 

* Secure wireless communication
  Thanks to a secure wireless communication procedure, this product is
  protected against ‘replay attacks’, as are the Secvest wireless alarm
  system and Secvest Touch alarm systems. This procedure for preventing
  third-party tampering exceeds the requirements of the “DIN EN 50131-1
  level 2” security standard. 

Thus, an attacker observing radio signals of an ABUS FUBE50001
wireless control panel is able to see all sensitive data of transmitted
packets as cleartext and can analyze the used packet format and the
communication protocol. 

By knowing the correct PIN code or the ID of a valid ABUS Secvest
proximity chip key, an attacker is able to disarm the wireless alarm
system in an unauthorized way.

Proof of Concept (PoC):

Michael Rüttgers, Thomas Detert, and Matthias Deeg developed different PoC software tools, either for the RFCat-based radio dongle YARD Stick One [3] in one version, or the GreatFet One neighbor Erica [4] in another one, that allowed sniffing out used PIN codes or used proximity chip key IDs when eavesdropping on the FUBE50001 wireless communication.

The following output exemplarily shows a successful PIN code sniffing attack:

[] Listening for ABUS FUBE50001 packets ... [] Received packet: f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f333333333117162f5 [] Decoded packet : da0a077ed5c549888800626b [] Received packet: f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaaccccd2ab32aab54d30f0f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaa [] Decoded packet : da86937707e4884040a0c8ecff005e1fb9 [] Detected FUBE50001 packet with FUBE50001 PIN [+] Sniffed PIN code: 1337 (...)

An example of a successful sniffing attack regarding the ID of an ABUS proximity chip key is illustrated in the following output:

[] Listening for ABUS FUBE50001 packets ... [] Received packet: f0f352b4b332b2cad52accd554d34cb32cccd33332b34ab2cd2b2d4ad32ad2aacaacd32b30f0f0f3057c0764bf788b6ce7d0de43f6c1cb71e7374b7bd7c7a1abe567 [] Decoded packet: da81937707e488404018b9165b475f3c46 [] Detected FUBE50001 packet with proximity token ID [+] Sniffed proximity chip key ID: 3805964445 (...)

The described sniffing attacks are also demonstrated in the SySS Proof-of-Concept Video titled "ABUS Secvest Sniffing Attack" which is available on the SySS YouTube Channel [8].


Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.

Disclosure Timeline:

2020-04-03: Vulnerability reported to manufacturer 2020-06-17: Public release of security advisory


References:

[1] Product website for ABUS Secvest wireless control device

https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Control-Device
[2] SySS Security Advisory SYSS-2018-035

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[3] Product website YARD Stick One
    https://greatscottgadgets.com/yardstickone/
[4] GreatFET One neighbor Erica targeting the 315/433/868/915 MHz
freqency bands
    https://github.com/AsFaBw/erica
[5] GreatFET wiki
    https://github.com/greatscottgadgets/greatfet/wiki
[6] SySS Security Advisory SYSS-2020-014

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
[7] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/news/responsible-disclosure-policy/
[8] SySS Proof of Concept Video: ABUS Secvest Sniffing Attack
    https://www.youtube.com/watch?v=kCqAVYyahLc

Credits:

This security vulnerability was found by Michael Rüttgers and Thomas Detert.

Mr. Rüttgers and Mr. Detert reported this finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.

E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB


Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.

Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0224",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secvest wireless control fube50001",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest wireless remote control fube50001",
        "scope": null,
        "trust": 0.8,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest fube50001",
        "scope": null,
        "trust": 0.6,
        "vendor": "abus",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Thomas Detert, Michael Ruttgers",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158204"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-14157",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006935",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2021-20276",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006935",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-14157",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006935",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-20276",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-1196",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. ABUS Secvest FUBE50001 The device contains a vulnerability related to information leakage.Information may be obtained and tampered with. ABUS Secvest FUBE50001 is a wireless control unit of German ABUS company. \n\r\n\r\nThere is a security loophole in the wireless communication function of the ABUS Secvest FUBE50001 device, which is caused by the program not encrypting sensitive data. Advisory ID: SYSS-2020-014\nProduct: ABUS Secvest Wireless Control Device (FUBE50001)\nManufacturer: ABUS\nAffected Version(s): N/A\nTested Version(s): N/A\nVulnerability Type: Missing Encryption of Sensitive Data (CWE-311)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2020-04-03\nSolution Date: -\nPublic Disclosure: 2020-06-17\nCVE Reference: CVE-2020-14157\nAuthors of Advisory: Michael R\u00fcttgers, Thomas Detert,\n                     Matthias Deeg (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest Wireless Control Device (FUBE50001) is a wireless control\npanel for the ABUS Secvest wireless alarm system. \n\nSome of the device features as described by the manufacturer are\n(see [1]):\n\n\"\n* Easy operation via code or proximity keyfob\n  The Secvest wireless control panel is an optional Secvest accessory. \n  Every wireless control panel can be operated from your system via PIN\n  code. It is possible to arm and disarm the panel via proximity keyfob. \n\n* Flexible use in entrance areas\n  Up to 8 control panels can be integrated into the alarm system. These\n  additional modules can be placed in various areas of the building. \n  This provides added convenience for you, because Secvest can be armed\n  and disarmed directly on the wireless control panel, without the need\n  to go back to the central alarm panel every time. \n  In addition to internal arming or arming individual sub-areas, you can\n  also switch a single output, such as the garage door, if desired. \n\n* Secure wireless communication\n  Thanks to a secure wireless communication procedure, this product is\n  protected against \u2018replay attacks\u2019, as are the Secvest wireless alarm\n  system and Secvest Touch alarm systems. This procedure for preventing\n  third-party tampering exceeds the requirements of the \u201cDIN EN 50131-1\n  level 2\u201d security standard. \n\nThus, an attacker observing radio signals of an ABUS FUBE50001\nwireless control panel is able to see all sensitive data of transmitted\npackets as cleartext and can analyze the used packet format and the\ncommunication protocol. \n\nBy knowing the correct PIN code or the ID of a valid ABUS Secvest\nproximity chip key, an attacker is able to disarm the wireless alarm\nsystem in an unauthorized way. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nMichael R\u00fcttgers, Thomas Detert, and Matthias Deeg developed different\nPoC software tools, either for the RFCat-based radio dongle YARD Stick\nOne [3] in one version, or the GreatFet One neighbor Erica [4] in another\none, that allowed sniffing out used PIN codes or used proximity chip key\nIDs when eavesdropping on the FUBE50001 wireless communication. \n\nThe following output exemplarily shows a successful PIN code sniffing\nattack:\n\n$ python2 abus_fube50001_pin_sniffer.py\nABUS Secvest FUBE50001 PIN Code Sniffer PoC - SySS GmbH (c) 2020\nby Thomas Detert, Michael R\u00fcttgers, and Matthias Deeg\n---\n[*] Listening for ABUS FUBE50001 packets ... \n[*] Received packet:\nf0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f333333333117162f5\n[*] Decoded packet : da0a077ed5c549888800626b\n[*] Received packet:\nf0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaaccccd2ab32aab54d30f0f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaa\n[*] Decoded packet : da86937707e4884040a0c8ecff005e1fb9\n[*] Detected FUBE50001 packet with FUBE50001 PIN\n[+] Sniffed PIN code: 1337\n(...)\n\nAn example of a successful sniffing attack regarding the ID of an ABUS\nproximity chip key is illustrated in the following output:\n\n$ python2 abus_fube50001_chip_key_id_sniffer.py\nABUS Secvest FUBE50001 Proximity Chip Key ID Sniffer PoC - SySS GmbH (c)\n2020\nby Thomas Detert, Michael R\u00fcttgers, and Matthias Deeg\n---\n[*] Listening for ABUS FUBE50001 packets ... \n[*] Received packet:\nf0f352b4b332b2cad52accd554d34cb32cccd33332b34ab2cd2b2d4ad32ad2aacaacd32b30f0f0f3057c0764bf788b6ce7d0de43f6c1cb71e7374b7bd7c7a1abe567\n[*] Decoded packet: da81937707e488404018b9165b475f3c46\n[*] Detected FUBE50001 packet with proximity token ID\n[+] Sniffed proximity chip key ID: 3805964445\n(...)\n\n\nThe described sniffing attacks are also demonstrated in the SySS\nProof-of-Concept Video titled \"ABUS Secvest Sniffing Attack\" which is\navailable on the SySS YouTube Channel [8]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2020-04-03: Vulnerability reported to manufacturer\n2020-06-17: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless control device\n\nhttps://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Control-Device\n[2] SySS Security Advisory SYSS-2018-035\n\nhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[3] Product website YARD Stick One\n    https://greatscottgadgets.com/yardstickone/\n[4] GreatFET One neighbor Erica targeting the 315/433/868/915 MHz\nfreqency bands\n    https://github.com/AsFaBw/erica\n[5] GreatFET wiki\n    https://github.com/greatscottgadgets/greatfet/wiki\n[6] SySS Security Advisory SYSS-2020-014\n\nhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt\n[7] SySS GmbH, SySS Responsible Disclosure Policy\n    https://www.syss.de/en/news/responsible-disclosure-policy/\n[8] SySS Proof of Concept Video: ABUS Secvest Sniffing Attack\n    https://www.youtube.com/watch?v=kCqAVYyahLc\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Michael R\u00fcttgers and Thomas\nDetert. \n\nMr. R\u00fcttgers and Mr. Detert reported this finding to SySS GmbH where it\nwas verified and later reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key:\nhttps://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS website. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "PACKETSTORM",
        "id": "158204"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-14157",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158204",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47348",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "PACKETSTORM",
        "id": "158204"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ]
  },
  "id": "VAR-202006-0224",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:01:44.492000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.abus.com/eng"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2020-014.txt"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/158204/abus-secvest-wireless-control-device-missing-encryption.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.youtube.com/watch?v=kcqavyyahlc"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2020/jun/26"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14157"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14157"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47348"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/deed.en"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/secvest-wireless-control-device"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/asfabw/erica"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/greatscottgadgets/greatfet/wiki"
      },
      {
        "trust": 0.1,
        "url": "https://greatscottgadgets.com/yardstickone/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "PACKETSTORM",
        "id": "158204"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "db": "PACKETSTORM",
        "id": "158204"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "date": "2020-06-23T21:28:06",
        "db": "PACKETSTORM",
        "id": "158204"
      },
      {
        "date": "2020-06-17T20:15:10.057000",
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "date": "2020-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006935"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2020-14157"
      },
      {
        "date": "2020-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABUS Secvest FUBE50001 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20276"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-1196"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-14157

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-14157

Aliases

CVE-2020-14157

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-14157",
    "description": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.",
    "id": "GSD-2020-14157"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-14157"
      ],
      "details": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.",
      "id": "GSD-2020-14157",
      "modified": "2023-12-13T01:21:59.845616Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-14157",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt",
            "refsource": "MISC",
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
          },
          {
            "name": "https://www.youtube.com/watch?v=kCqAVYyahLc",
            "refsource": "MISC",
            "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
          },
          {
            "name": "20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
          },
          {
            "name": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14157"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.youtube.com/watch?v=kCqAVYyahLc",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
            },
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
            },
            {
              "name": "20200623 [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)",
              "refsource": "FULLDISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
            },
            {
              "name": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-06-17T20:15Z"
    }
  }
}

FKIE_CVE-2020-14157

Vulnerability from fkie_nvd - Published: 2020-06-17 20:15 - Updated: 2024-11-21 05:02

Severity ?

8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html	Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Jun/26	Third Party Advisory
cve@mitre.org	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt	Exploit, Third Party Advisory
cve@mitre.org	https://www.youtube.com/watch?v=kCqAVYyahLc	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Jun/26	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.youtube.com/watch?v=kCqAVYyahLc	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	abus	secvest_wireless_control_fube50001_firmware	-
	abus	secvest_wireless_control_fube50001	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF98EA46-420F-4C38-AA1B-4872263F1F91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E0F6799-5F51-4E47-83B0-FBD224E5339F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de comunicaci\u00f3n inal\u00e1mbrica del dispositivo ABUS Secvest FUBE50001, no cifra datos confidenciales como c\u00f3digos PIN o ID de claves de chip de proximidad usadas (tokens RFID). Esto facilita a que un atacante desarme el sistema de alarma inal\u00e1mbrico"
    }
  ],
  "id": "CVE-2020-14157",
  "lastModified": "2024-11-21T05:02:45.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-17T20:15:10.057",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-20276

Vulnerability from cnvd - Published: 2021-03-19

Title

ABUS Secvest FUBE50001信息泄露漏洞

Description

ABUS Secvest FUBE50001是德国ABUS公司的一款无线控制单元。 ABUS Secvest FUBE50001设备的无线通信功能中存在安全漏洞，该漏洞源于程序未加密敏感数据。攻击者可利用该漏洞解除无线警报系统。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.abus.com/

Reference

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt

Impacted products

Name
ABUS ABUS Secvest FUBE50001

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14157"
    }
  },
  "description": "ABUS Secvest FUBE50001\u662f\u5fb7\u56fdABUS\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u63a7\u5236\u5355\u5143\u3002\n\nABUS Secvest FUBE50001\u8bbe\u5907\u7684\u65e0\u7ebf\u901a\u4fe1\u529f\u80fd\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u52a0\u5bc6\u654f\u611f\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u9664\u65e0\u7ebf\u8b66\u62a5\u7cfb\u7edf\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.abus.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-20276",
  "openTime": "2021-03-19",
  "products": {
    "product": "ABUS ABUS Secvest FUBE50001"
  },
  "referenceLink": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-18",
  "title": "ABUS Secvest FUBE50001\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-8329-73V4-X45C

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-14157"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-17T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.",
  "id": "GHSA-8329-73v4-x45c",
  "modified": "2022-05-24T17:20:46Z",
  "published": "2022-05-24T17:20:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14157"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=kCqAVYyahLc"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Jun/26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-14157 (GCVE-0-2020-14157)

VAR-202006-0224

GSD-2020-14157

FKIE_CVE-2020-14157

CNVD-2021-20276

GHSA-8329-73V4-X45C

Tags

Sightings

Nomenclature