Vulnerabilities > CVE-2019-9860 - Insufficient Entropy in PRNG vulnerability in Abus products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

abus

CWE-332

NVD

Published: 2019-03-27

Updated: 2021-07-21

Summary

Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.

Vulnerable Configurations

Part	Description	Count
OS	Abus Abus Secvest Wireless Alarm System Fuaa50000 Firmware 3.01.01 Abus Secvest Wireless Remote Control Fube50014 Firmware - Abus Secvest Wireless Remote Control Fube50015 Firmware -	3
Hardware	Abus Abus Secvest Wireless Alarm System Fuaa50000 - Abus Secvest Wireless Remote Control Fube50014 - Abus Secvest Wireless Remote Control Fube50015 -	3

Common Weakness Enumeration (CWE)

CWE-332 - Insufficient Entropy in PRNG

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt