VAR-201905-0061
Vulnerability from variot - Updated: 2023-12-18 14:00Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. ABUS Secvest FUAA50000 wireless alarm There are cryptographic vulnerabilities in the system.Information may be obtained and information may be altered. ABUSSecvestFUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUSSecvestFUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content not being properly encrypted, weakly encrypted, and plaintext storage sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Advisory ID: SYSS-2019-005 Product: ABUS Secvest (FUAA50000) Manufacturer: ABUS Affected Version(s): v3.01.01 Tested Version(s): v3.01.01 Vulnerability Type: Cryptographic Issues (CWE-310) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-03-15 Solution Date: - Public Disclosure: 2019-05-02 CVE Reference: CVE-2019-9861 Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)
Overview:
ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.
The information stored on the used proximity keys can be read easily in
a very short time from distances up to 1 meter, depending on the used
RFID reader. A working cloned RFID token is ready for use within a
couple of seconds using freely available tools.
All three RFID cloning attacks are demonstrated in our SySS
proof-of-concept video "ABUS Secvest Proximity Key Cloning PoC Attack"
[6].
Solution:
SySS GmbH is not aware of a solution for this reported security vulnerability.
Disclosure Timeline:
2019-03-15: Vulnerability reported to manufacturer
2016-05-02: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless alarm system https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] Product website for ABUS proximity chip key https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key
[3] MIFARE Classic Tool - MCT https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
[4] GitHub repository of ChameleonMini https://github.com/emsec/ChameleonMini
[5] OBO Hands RFID/NFC Reader/Writer https://www.amazon.de/dp/B07DHL9XQ4/
[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack https://youtu.be/sPyXTQXTEcQ
[7] SySS Security Advisory SYSS-2019-005 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt
[8] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/
Credits:
This security vulnerability was found by Matthias Deeg and Gerhard
Klostermeier of SySS GmbH.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
E-Mail: gerhard.klostermeier (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7
Disclaimer:
The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright:
Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlzKsdkACgkQ2aS/ajSt TaujyQ/9FASdsNHxRgsOvBhw0V4+VPsVDprGjA4h39bhDJ8f4XIcAzz6ZUiXnR+0 2/0N7MkbFV4gjAmq6TVLQjw6bAlLVRHpLaWsWWQQGjDedynljMlls+bBNsIDLmfz 9mBl8S2lp26jycLgtPgL0hdjzBok9Gf6UZt5H2AnXkfDwthjqR7Ln+x4t3potLJt d87l4Xe/C1x1aMmiJWRy3CxzGTDtCoD/CwBTGvTCTPHnF/9gRobHPLIho6RKzwRE WUtTKQ9me19E5NYX7lPgF3UUcMxVP3f5Yf32K6XnuByEbk0LHiJzKxXNdMT/MCP4 jWAVkWtXHshWb17aGBCbcI1zt9DJEis6dPgm2PJ+qVE/C4s4EszDe/Hc7wgH3fU9 iXY/+SHhgBml55WyNssH+u6TBiIr20/YyABcPQmzCP97sPWzBxMrUlzaad88dsGO I6O9TlcveBrKDcyj8+frv/c+7BU95ZOZmUDLZJ99/KXF1APRGG6JaIQsJm1pi36W O4gUFgUSZ+SiELf/ZsFP3dgPaHMG/pyEVH6mYQKVrm8hEYL/Iyi9WYk4G9TztGN2 g7fkpTI4cTcPYkj9uPBMc5RWCPKCRflkG8QAxf92FBA1rNF3oJYEXQH2RQuvzYqB ghpsBL30GyEjh2DFo/sUzMPUt1Wl1otw3CzEH4eVqIX5J620ol4= =km71 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless alarm system fuaa50000",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest fuaa50000",
"scope": "eq",
"trust": 0.6,
"vendor": "abus",
"version": "3.01.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9861",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-15916",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-161296",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9861",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9861",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-15916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-099",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. ABUS Secvest FUAA50000 wireless alarm There are cryptographic vulnerabilities in the system.Information may be obtained and information may be altered. ABUSSecvestFUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUSSecvestFUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content not being properly encrypted, weakly encrypted, and plaintext storage sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2019-005\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Cryptographic Issues (CWE-310)\nRisk Level: Medium\nSolution Status: Open\nManufacturer Notification: 2019-03-15\nSolution Date: -\nPublic Disclosure: 2019-05-02\nCVE Reference: CVE-2019-9861\nAuthors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. \n\nThe information stored on the used proximity keys can be read easily in\na very short time from distances up to 1 meter, depending on the used\nRFID reader. A working cloned RFID token is ready for use within a\ncouple of seconds using freely available tools. \n\nAll three RFID cloning attacks are demonstrated in our SySS\nproof-of-concept video \"ABUS Secvest Proximity Key Cloning PoC Attack\"\n[6]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-03-15: Vulnerability reported to manufacturer\n2016-05-02: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n\n[2] Product website for ABUS proximity chip key\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key\n\n[3] MIFARE Classic Tool - MCT\n https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool\n\n[4] GitHub repository of ChameleonMini\n https://github.com/emsec/ChameleonMini\n\n[5] OBO Hands RFID/NFC Reader/Writer\n https://www.amazon.de/dp/B07DHL9XQ4/\n\n[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack\n https://youtu.be/sPyXTQXTEcQ\n\n[7] SySS Security Advisory SYSS-2019-005\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\n\n[8] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Matthias Deeg and Gerhard\nKlostermeier of SySS GmbH. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\nE-Mail: gerhard.klostermeier (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc\nKey fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlzKsdkACgkQ2aS/ajSt\nTaujyQ/9FASdsNHxRgsOvBhw0V4+VPsVDprGjA4h39bhDJ8f4XIcAzz6ZUiXnR+0\n2/0N7MkbFV4gjAmq6TVLQjw6bAlLVRHpLaWsWWQQGjDedynljMlls+bBNsIDLmfz\n9mBl8S2lp26jycLgtPgL0hdjzBok9Gf6UZt5H2AnXkfDwthjqR7Ln+x4t3potLJt\nd87l4Xe/C1x1aMmiJWRy3CxzGTDtCoD/CwBTGvTCTPHnF/9gRobHPLIho6RKzwRE\nWUtTKQ9me19E5NYX7lPgF3UUcMxVP3f5Yf32K6XnuByEbk0LHiJzKxXNdMT/MCP4\njWAVkWtXHshWb17aGBCbcI1zt9DJEis6dPgm2PJ+qVE/C4s4EszDe/Hc7wgH3fU9\niXY/+SHhgBml55WyNssH+u6TBiIr20/YyABcPQmzCP97sPWzBxMrUlzaad88dsGO\nI6O9TlcveBrKDcyj8+frv/c+7BU95ZOZmUDLZJ99/KXF1APRGG6JaIQsJm1pi36W\nO4gUFgUSZ+SiELf/ZsFP3dgPaHMG/pyEVH6mYQKVrm8hEYL/Iyi9WYk4G9TztGN2\ng7fkpTI4cTcPYkj9uPBMc5RWCPKCRflkG8QAxf92FBA1rNF3oJYEXQH2RQuvzYqB\nghpsBL30GyEjh2DFo/sUzMPUt1Wl1otw3CzEH4eVqIX5J620ol4=\n=km71\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "PACKETSTORM",
"id": "152714"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9861",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "152714",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-15916",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161296",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "PACKETSTORM",
"id": "152714"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"id": "VAR-201905-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
}
]
},
"last_update_date": "2023-12-18T14:00:58.373000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/152714/abus-secvest-3.01.01-cryptographic-issues.html"
},
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-005.txt"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/1"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/may/3"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9861"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9861"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.amazon.de/dp/b07dhl9xq4/"
},
{
"trust": 0.1,
"url": "https://github.com/emsec/chameleonmini"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/proximity-chip-key"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://youtu.be/spyxtqxtecq"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/pgpkeys/gerhard_klostermeier.asc"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
},
{
"trust": 0.1,
"url": "https://play.google.com/store/apps/details?id=de.syss.mifareclassictool"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "PACKETSTORM",
"id": "152714"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "PACKETSTORM",
"id": "152714"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-161296"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"date": "2019-05-02T23:02:22",
"db": "PACKETSTORM",
"id": "152714"
},
{
"date": "2019-05-14T17:29:08.397000",
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"date": "2019-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"date": "2019-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-161296"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"date": "2019-05-17T12:58:09.160000",
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABUS Secvest FUAA50000 wireless alarm Cryptographic vulnerabilities in systems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…