CVE-2019-9659 - OpenCVE

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Chuango	Wifi Alarm System Firmware Awv Plus Wifi Alarm System G3 Gsm\/sms Alarm System G5w 3g Firmware A8 Pstn Alarm System G5w 3g Cg-105s On-site Alarm System Firmware G3 Gsm\/sms Alarm System Firmware Wifi Alarm System A11 Pstn\/lcd\/rfid Touch Alarm System B11 Dual-network Alarm System Firmware B11 Dual-network Alarm System A8 Pstn Alarm System Firmware G5 Plus Gsm\/sms\/rfid Touch Alarm System Wifi\/cellular Smart Home System H4 Plus Wifi\/cellular Smart Home System H4 Plus Firmware Cg-105s On-site Alarm System G5 Plus Gsm\/sms\/rfid Touch Alarm System Firmware Awv Plus Wifi Alarm System Firmware A11 Pstn\/lcd\/rfid Touch Alarm System Firmware
Eminent	Em8617 Ov2 Wifi Alarm System Em8617 Ov2 Wifi Alarm System Firmware

Configuration 1 [-]

AND

cpe:2.3:o:chuango:wifi_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:wifi_alarm_system:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:chuango:wifi\/cellular_smart_home_system_h4_plus_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:wifi\/cellular_smart_home_system_h4_plus:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:chuango:awv_plus_wifi_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:awv_plus_wifi_alarm_system:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:chuango:g5w_3g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:g5w_3g:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:chuango:g5_plus_gsm\/sms\/rfid_touch_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:g5_plus_gsm\/sms\/rfid_touch_alarm_system:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:chuango:g3_gsm\/sms_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:g3_gsm\/sms_alarm_system:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:chuango:g5w_3g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:g5w_3g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:chuango:b11_dual-network_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:b11_dual-network_alarm_system:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:chuango:a8_pstn_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:a8_pstn_alarm_system:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:chuango:a11_pstn\/lcd\/rfid_touch_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:a11_pstn\/lcd\/rfid_touch_alarm_system:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:chuango:cg-105s_on-site_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:chuango:cg-105s_on-site_alarm_system:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:eminent:em8617_ov2_wifi_alarm_system_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:eminent:em8617_ov2_wifi_alarm_system:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-11T15:00:00

Updated: 2019-03-11T14:57:01

Reserved: 2019-03-10T00:00:00

Link: CVE-2019-9659

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-11T15:29:00.247

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-9659

JSON object: View

Redhat Information

No data.

CWE

CWE-294