CVE-2019-9659
moderate-risk
Published 2019-03-11
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
Do I need to act?
-
0.28% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10
Critical
NETWORK
/ LOW complexity
Affected Products (11)
Wifi Alarm System Firmware
Wifi\/Cellular Smart Home System H4 Plus Firmware
Awv Plus Wifi Alarm System Firmware
G5W 3G Firmware
G5 Plus Gsm\/Sms\/Rfid Touch Alarm System Firmware
G3 Gsm\/Sms Alarm System Firmware
B11 Dual-Network Alarm System Firmware
A8 Pstn Alarm System Firmware
A11 Pstn\/Lcd\/Rfid Touch Alarm System Firmware
Cg-105S On-Site Alarm System Firmware
Em8617 Ov2 Wifi Alarm System Firmware
References (2)
Third Party Advisory
https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659
Third Party Advisory
https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659
48
/ 100
moderate-risk
Severity
31/34 · Critical
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate