Vulnerability-Lookup

CVE-2019-9861 (GCVE-0-2019-9861)

Vulnerability from cvelistv5 – Published: 2019-05-14 16:03 – Updated: 2024-08-04 22:01

Summary

Severity

8.1 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

Assigner

mitre

References

4 references

URL	Tags
https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC
https://seclists.org/bugtraq/2019/May/1	mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/152714/ABUS-…	x_refsource_MISC
http://seclists.org/fulldisclosure/2019/May/3	mailing-listx_refsource_FULLDISC

Date Public

2019-05-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:01:55.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
          },
          {
            "name": "20190503 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
          },
          {
            "name": "20190504 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-05-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-14T16:03:38.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
        },
        {
          "name": "20190503 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
        },
        {
          "name": "20190504 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9861",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
            },
            {
              "name": "20190503 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/1"
            },
            {
              "name": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
            },
            {
              "name": "20190504 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9861",
    "datePublished": "2019-05-14T16:03:38.000Z",
    "dateReserved": "2019-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:01:55.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-9861",
      "date": "2026-06-24",
      "epss": "0.01592",
      "percentile": "0.7254"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C5A31E7-5281-4EDC-9CC5-A887857BB6B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD534B70-3FA6-4712-A30E-A9BEEB9A91CB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.\"}, {\"lang\": \"es\", \"value\": \"Producto del uso de una tecnolog\\u00eda RFID no segura (MIFARE Classic), las claves de chip de proximidad ABUS (tokens RFID) del sistema de alarma inalambrico de ABUS Secvest FUAA50000 pueden clonarse f\\u00e1cilmente y utilizarse para desactivar el sistema de alarma de forma no autorizada.\"}]",
      "id": "CVE-2019-9861",
      "lastModified": "2024-11-21T04:52:27.510",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 4.8, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-05-14T17:29:08.397",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9861\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-14T17:29:08.397\",\"lastModified\":\"2024-11-21T04:52:27.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.\"},{\"lang\":\"es\",\"value\":\"Producto del uso de una tecnolog\u00eda RFID no segura (MIFARE Classic), las claves de chip de proximidad ABUS (tokens RFID) del sistema de alarma inalambrico de ABUS Secvest FUAA50000 pueden clonarse f\u00e1cilmente y utilizarse para desactivar el sistema de alarma de forma no autorizada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":4.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5A31E7-5281-4EDC-9CC5-A887857BB6B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD534B70-3FA6-4712-A30E-A9BEEB9A91CB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-15916

Vulnerability from cnvd - Published: 2019-05-30

Title

ABUS Secvest加密问题漏洞

Description

ABUS Secvest FUAA50000是德国ABUS公司的一款无线遥控器。使用3.01.01版本固件的ABUS Secvest FUAA50000中存在加密问题漏洞。该漏洞源于网络系统或产品未正确使用相关密码算法，导致内容未正确加密、弱加密、明文存储敏感信息等。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.abus.com/

Reference

https://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html

Impacted products

Name
ABUS ABUS Secvest FUAA50000 3.01.01

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9861"
    }
  },
  "description": "ABUS Secvest FUAA50000\u662f\u5fb7\u56fdABUS\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9065\u63a7\u5668\u3002\n\n\u4f7f\u75283.01.01\u7248\u672c\u56fa\u4ef6\u7684ABUS Secvest FUAA50000\u4e2d\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u4f7f\u7528\u76f8\u5173\u5bc6\u7801\u7b97\u6cd5\uff0c\u5bfc\u81f4\u5185\u5bb9\u672a\u6b63\u786e\u52a0\u5bc6\u3001\u5f31\u52a0\u5bc6\u3001\u660e\u6587\u5b58\u50a8\u654f\u611f\u4fe1\u606f\u7b49\u3002",
  "discovererName": "Matthias Deeg",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.abus.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-15916",
  "openTime": "2019-05-30",
  "products": {
    "product": "ABUS ABUS Secvest FUAA50000 3.01.01"
  },
  "referenceLink": "https://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-06",
  "title": "ABUS Secvest\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2019-9861

Vulnerability from fkie_nvd - Published: 2019-05-14 17:29 - Updated: 2026-06-17 02:44

Severity

8.1 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2019/May/3	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://seclists.org/bugtraq/2019/May/1	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/May/3	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/May/1	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	abus	secvest_wireless_alarm_system_fuaa50000_firmware	3.01.01
	abus	secvest_wireless_alarm_system_fuaa50000	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5A31E7-5281-4EDC-9CC5-A887857BB6B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD534B70-3FA6-4712-A30E-A9BEEB9A91CB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way."
    },
    {
      "lang": "es",
      "value": "Producto del uso de una tecnolog\u00eda RFID no segura (MIFARE Classic), las claves de chip de proximidad ABUS (tokens RFID) del sistema de alarma inalambrico de ABUS Secvest FUAA50000 pueden clonarse f\u00e1cilmente y utilizarse para desactivar el sistema de alarma de forma no autorizada."
    }
  ],
  "id": "CVE-2019-9861",
  "lastModified": "2026-06-17T02:44:44.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-14T17:29:08.397",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MJXP-PFH5-29XR

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:37

Details

Severity

8.1 (High)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9861"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-14T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.",
  "id": "GHSA-mjxp-pfh5-29xr",
  "modified": "2024-04-04T00:37:58Z",
  "published": "2022-05-24T16:45:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9861"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/May/1"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/May/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-9861

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-9861

Aliases

CVE-2019-9861

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9861",
    "description": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.",
    "id": "GSD-2019-9861"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9861"
      ],
      "details": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.",
      "id": "GSD-2019-9861",
      "modified": "2023-12-13T01:23:47.202971Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-9861",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt",
            "refsource": "MISC",
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
          },
          {
            "name": "20190503 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/May/1"
          },
          {
            "name": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
          },
          {
            "name": "20190504 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/May/3"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9861"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt"
            },
            {
              "name": "20190503 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/1"
            },
            {
              "name": "20190504 [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/3"
            },
            {
              "name": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/152714/ABUS-Secvest-3.01.01-Cryptographic-Issues.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-05-17T12:58Z",
      "publishedDate": "2019-05-14T17:29Z"
    }
  }
}

VAR-201905-0061

Vulnerability from variot - Updated: 2023-12-18 14:00

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. ABUS Secvest FUAA50000 wireless alarm There are cryptographic vulnerabilities in the system.Information may be obtained and information may be altered. ABUSSecvestFUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUSSecvestFUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content not being properly encrypted, weakly encrypted, and plaintext storage sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Advisory ID: SYSS-2019-005 Product: ABUS Secvest (FUAA50000) Manufacturer: ABUS Affected Version(s): v3.01.01 Tested Version(s): v3.01.01 Vulnerability Type: Cryptographic Issues (CWE-310) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-03-15 Solution Date: - Public Disclosure: 2019-05-02 CVE Reference: CVE-2019-9861 Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)


Overview:

ABUS Secvest (FUAA50000) is a wireless alarm system with different
features. 

The information stored on the used proximity keys can be read easily in
a very short time from distances up to 1 meter, depending on the used
RFID reader. A working cloned RFID token is ready for use within a
couple of seconds using freely available tools. 

All three RFID cloning attacks are demonstrated in our SySS
proof-of-concept video "ABUS Secvest Proximity Key Cloning PoC Attack"
[6].

Solution:

SySS GmbH is not aware of a solution for this reported security vulnerability.


Disclosure Timeline:

2019-03-15: Vulnerability reported to manufacturer
2016-05-02: Public release of security advisory

References:

[1] Product website for ABUS Secvest wireless alarm system https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System

[2] Product website for ABUS proximity chip key https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key

[3] MIFARE Classic Tool - MCT https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool

[4] GitHub repository of ChameleonMini https://github.com/emsec/ChameleonMini

[5] OBO Hands RFID/NFC Reader/Writer https://www.amazon.de/dp/B07DHL9XQ4/

[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack https://youtu.be/sPyXTQXTEcQ

[7] SySS Security Advisory SYSS-2019-005 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt

[8] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/


Credits:

This security vulnerability was found by Matthias Deeg and Gerhard
Klostermeier of SySS GmbH. 

E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

E-Mail: gerhard.klostermeier (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7

Disclaimer:

The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlzKsdkACgkQ2aS/ajSt TaujyQ/9FASdsNHxRgsOvBhw0V4+VPsVDprGjA4h39bhDJ8f4XIcAzz6ZUiXnR+0 2/0N7MkbFV4gjAmq6TVLQjw6bAlLVRHpLaWsWWQQGjDedynljMlls+bBNsIDLmfz 9mBl8S2lp26jycLgtPgL0hdjzBok9Gf6UZt5H2AnXkfDwthjqR7Ln+x4t3potLJt d87l4Xe/C1x1aMmiJWRy3CxzGTDtCoD/CwBTGvTCTPHnF/9gRobHPLIho6RKzwRE WUtTKQ9me19E5NYX7lPgF3UUcMxVP3f5Yf32K6XnuByEbk0LHiJzKxXNdMT/MCP4 jWAVkWtXHshWb17aGBCbcI1zt9DJEis6dPgm2PJ+qVE/C4s4EszDe/Hc7wgH3fU9 iXY/+SHhgBml55WyNssH+u6TBiIr20/YyABcPQmzCP97sPWzBxMrUlzaad88dsGO I6O9TlcveBrKDcyj8+frv/c+7BU95ZOZmUDLZJ99/KXF1APRGG6JaIQsJm1pi36W O4gUFgUSZ+SiELf/ZsFP3dgPaHMG/pyEVH6mYQKVrm8hEYL/Iyi9WYk4G9TztGN2 g7fkpTI4cTcPYkj9uPBMc5RWCPKCRflkG8QAxf92FBA1rNF3oJYEXQH2RQuvzYqB ghpsBL30GyEjh2DFo/sUzMPUt1Wl1otw3CzEH4eVqIX5J620ol4= =km71 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0061",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secvest wireless alarm system fuaa50000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "abus",
        "version": "3.01.01"
      },
      {
        "model": "secvest wireless alarm system fuaa50000",
        "scope": null,
        "trust": 0.8,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest fuaa50000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abus",
        "version": "3.01.01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthias Deeg",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9861",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-9861",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2019-15916",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-161296",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-9861",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9861",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-15916",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-099",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-161296",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. ABUS Secvest FUAA50000 wireless alarm There are cryptographic vulnerabilities in the system.Information may be obtained and information may be altered. ABUSSecvestFUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUSSecvestFUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content not being properly encrypted, weakly encrypted, and plaintext storage sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2019-005\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Cryptographic Issues (CWE-310)\nRisk Level: Medium\nSolution Status: Open\nManufacturer Notification: 2019-03-15\nSolution Date: -\nPublic Disclosure: 2019-05-02\nCVE Reference: CVE-2019-9861\nAuthors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. \n\nThe information stored on the used proximity keys can be read easily in\na very short time from distances up to 1 meter, depending on the used\nRFID reader. A working cloned RFID token is ready for use within a\ncouple of seconds using freely available tools. \n\nAll three RFID cloning attacks are demonstrated in our SySS\nproof-of-concept video \"ABUS Secvest Proximity Key Cloning PoC Attack\"\n[6]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-03-15: Vulnerability reported to manufacturer\n2016-05-02: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n\n[2] Product website for ABUS proximity chip key\n    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key\n\n[3] MIFARE Classic Tool - MCT\n    https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool\n\n[4] GitHub repository of ChameleonMini\n    https://github.com/emsec/ChameleonMini\n\n[5] OBO Hands RFID/NFC Reader/Writer\n    https://www.amazon.de/dp/B07DHL9XQ4/\n\n[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack\n    https://youtu.be/sPyXTQXTEcQ\n\n[7] SySS Security Advisory SYSS-2019-005\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\n\n[8] SySS GmbH, SySS Responsible Disclosure Policy\n    https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Matthias Deeg and Gerhard\nKlostermeier of SySS GmbH. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\nE-Mail: gerhard.klostermeier (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc\nKey fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlzKsdkACgkQ2aS/ajSt\nTaujyQ/9FASdsNHxRgsOvBhw0V4+VPsVDprGjA4h39bhDJ8f4XIcAzz6ZUiXnR+0\n2/0N7MkbFV4gjAmq6TVLQjw6bAlLVRHpLaWsWWQQGjDedynljMlls+bBNsIDLmfz\n9mBl8S2lp26jycLgtPgL0hdjzBok9Gf6UZt5H2AnXkfDwthjqR7Ln+x4t3potLJt\nd87l4Xe/C1x1aMmiJWRy3CxzGTDtCoD/CwBTGvTCTPHnF/9gRobHPLIho6RKzwRE\nWUtTKQ9me19E5NYX7lPgF3UUcMxVP3f5Yf32K6XnuByEbk0LHiJzKxXNdMT/MCP4\njWAVkWtXHshWb17aGBCbcI1zt9DJEis6dPgm2PJ+qVE/C4s4EszDe/Hc7wgH3fU9\niXY/+SHhgBml55WyNssH+u6TBiIr20/YyABcPQmzCP97sPWzBxMrUlzaad88dsGO\nI6O9TlcveBrKDcyj8+frv/c+7BU95ZOZmUDLZJ99/KXF1APRGG6JaIQsJm1pi36W\nO4gUFgUSZ+SiELf/ZsFP3dgPaHMG/pyEVH6mYQKVrm8hEYL/Iyi9WYk4G9TztGN2\ng7fkpTI4cTcPYkj9uPBMc5RWCPKCRflkG8QAxf92FBA1rNF3oJYEXQH2RQuvzYqB\nghpsBL30GyEjh2DFo/sUzMPUt1Wl1otw3CzEH4eVqIX5J620ol4=\n=km71\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "db": "PACKETSTORM",
        "id": "152714"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9861",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152714",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "PACKETSTORM",
        "id": "152714"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ]
  },
  "id": "VAR-201905-0061",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:00:58.373000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.abus.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://packetstormsecurity.com/files/152714/abus-secvest-3.01.01-cryptographic-issues.html"
      },
      {
        "trust": 2.6,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-005.txt"
      },
      {
        "trust": 1.7,
        "url": "https://seclists.org/bugtraq/2019/may/1"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/may/3"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9861"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9861"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/deed.en"
      },
      {
        "trust": 0.1,
        "url": "https://www.amazon.de/dp/b07dhl9xq4/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/emsec/chameleonmini"
      },
      {
        "trust": 0.1,
        "url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/proximity-chip-key"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
      },
      {
        "trust": 0.1,
        "url": "https://youtu.be/spyxtqxtecq"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/pgpkeys/gerhard_klostermeier.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
      },
      {
        "trust": 0.1,
        "url": "https://play.google.com/store/apps/details?id=de.syss.mifareclassictool"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "PACKETSTORM",
        "id": "152714"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "db": "PACKETSTORM",
        "id": "152714"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "date": "2019-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "date": "2019-05-02T23:02:22",
        "db": "PACKETSTORM",
        "id": "152714"
      },
      {
        "date": "2019-05-14T17:29:08.397000",
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "date": "2019-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-15916"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161296"
      },
      {
        "date": "2019-06-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      },
      {
        "date": "2019-05-17T12:58:09.160000",
        "db": "NVD",
        "id": "CVE-2019-9861"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ABUS Secvest FUAA50000 wireless alarm Cryptographic vulnerabilities in systems",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004631"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-099"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9861 (GCVE-0-2019-9861)

CNVD-2019-15916

FKIE_CVE-2019-9861

GHSA-MJXP-PFH5-29XR

GSD-2019-9861

VAR-201905-0061

Tags

Sightings

Nomenclature