Vulnerabilities > Simplisafe

DATE CVE VULNERABILITY TITLE RISK
2020-05-02 CVE-2020-5727 Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.0/1.3
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.
low complexity
simplisafe CWE-287
4.6
2020-02-13 CVE-2019-3998 Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.4
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to.
local
low complexity
simplisafe CWE-287
5.5
2020-01-16 CVE-2019-3997 Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.0/1.3
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.
low complexity
simplisafe CWE-287
4.6
2018-05-24 CVE-2018-11402 Cleartext Transmission of Sensitive Information vulnerability in Simplisafe U9K-Kp1000 Firmware
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.
low complexity
simplisafe CWE-319
6.6
2018-05-24 CVE-2018-11401 Unspecified vulnerability in Simplisafe U9K-Bs1000 Firmware
In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.
low complexity
simplisafe
4.6
2018-05-24 CVE-2018-11400 Unspecified vulnerability in Simplisafe U9K-Bs1000 Firmware
In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.
low complexity
simplisafe
4.6
2018-05-24 CVE-2018-11399 Cleartext Transmission of Sensitive Information vulnerability in Simplisafe products
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur.
low complexity
simplisafe CWE-319
4.3