exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Michael Ruttgers

ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass

Posted Jul 31, 2020

Authored by Matthias Deeg, Thomas Detert, Michael Ruttgers | Site syss.de

ABUS Secvest Hybrid module (FUMO50110) suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an attacker can spoof messages of the ABUS Secvest Hybrid module based on sniffed status RF packets that are issued by the ABUS Secvest Hybrid module on a regularly basis (~2.5 minutes).

tags | advisory, spoof, bypass

advisories | CVE-2020-14158

SHA-256 | a68c00c7fb616a3cbbfa44b0ab74d7e727e98d5025f0aa73c1c04de2a4b77175

Download | Favorite | View

ABUS Secvest Wireless Control Device Missing Encryption

Posted Jun 23, 2020

Authored by Thomas Detert, Michael Ruttgers | Site syss.de

The wireless communication of the ABUS Secvest Wireless Control Device (FUBE50001) for transmitting sensitive data like PIN codes or IDs of used proximity chip keys (RFID tokens) is not encrypted.

tags | advisory

advisories | CVE-2020-14157

SHA-256 | c954871e4ce41c0235fc5678748e8f2021e5da793d086a13df9bd48b2b66af7c

Download | Favorite | View