Main Vulnerability Database Vulnerabilities #VU52558

Missing Authentication for Critical Function in Secvest Wireless Alarm System FUAA50000 - CVE-2020-28973

Published: April 26, 2021

Vulnerability identifier: #VU52558

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-28973

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Secvest Wireless Alarm System FUAA50000

Software vendor:
ABUS

Description

The vulnerability allows a remote attacker to gain unauthorized access to the device.

The vulnerability exists due to missing authentication checks for multiple scripts within the HTTP management interface of the device. A remote non-authenticated attacker can directly request certain scripts and obtain sensitive information, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.

Remediation

Install updates from vendor's website.

External links

https://eye.security/en/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973

Missing Authentication for Critical Function in Secvest Wireless Alarm System FUAA50000 - CVE-2020-28973

Description

Remediation

External links

Please verify you're human