Vulnerabilities > CVE-2023-50123 - Improper Restriction of Excessive Authentication Attempts vulnerability in Hozard Alarm System 1.0

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

hozard

CWE-307

NVD

Published: 2024-01-11

Updated: 2024-01-19

Summary

The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state.

Vulnerable Configurations

Part	Description	Count
Application	Hozard Hozard Alarm System 1.0	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices