An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.
References
| Link | Resource |
|---|---|
| https://www.diva-portal.org/smash/get/diva2:1600180/FULLTEXT04.pdf | Exploit Technical Description Third Party Advisory |
| https://www.securitashome.se/product.html/securitashome | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
06 Jan 2022, 21:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://www.diva-portal.org/smash/get/diva2:1600180/FULLTEXT04.pdf - Exploit, Technical Description, Third Party Advisory | |
| References | (MISC) https://www.securitashome.se/product.html/securitashome - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.8 |
| CPE | cpe:2.3:h:securitashome:securitashome_alarm_system:-:*:*:*:*:*:*:* cpe:2.3:o:securitashome:securitashome_alarm_system_firmware:hpgw-g_0.0.2.23f_bg_u-itr-f1-bd_bl.a30.20181117:*:*:*:*:*:*:* |
|
| CWE | CWE-294 | |
| First Time |
Securitashome securitashome Alarm System
Securitashome securitashome Alarm System Firmware Securitashome |
15 Dec 2021, 08:00
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-12-15 07:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-40170
Mitre link : CVE-2021-40170
CVE.ORG link : CVE-2021-40170
JSON object : View
Products Affected
securitashome
- securitashome_alarm_system_firmware
- securitashome_alarm_system
CWE
CWE-294
Authentication Bypass by Capture-replay