CVE-2019-9659

CRITICAL

Chuango 433 MHz burglar-alarm - Info Disclosure

Title source: llm

Description

The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.

References (1)

[Third Party Advisory] https://github.com/RiieCco/write-ups/tree/master/CVE-2019-9659

View Writeup ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-294

Status published

Products (11)

chuango/a11_pstn\/lcd\/rfid_touch_alarm_system_firmware

chuango/a8_pstn_alarm_system_firmware

chuango/awv_plus_wifi_alarm_system_firmware

chuango/b11_dual-network_alarm_system_firmware

chuango/cg-105s_on-site_alarm_system_firmware

chuango/g3_gsm\/sms_alarm_system_firmware

chuango/g5_plus_gsm\/sms\/rfid_touch_alarm_system_firmware

chuango/g5w_3g_firmware

chuango/wifi\/cellular_smart_home_system_h4_plus_firmware

chuango/wifi_alarm_system_firmware

... and 1 more

Published Mar 11, 2019

Tracked Since Feb 18, 2026