CVE-2021-40170

MEDIUM

SecuritasHome HPGW-G 0.0.2.23F - RCE

Title source: llm

Description

An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.

References (2)

[Vendor Advisory] https://www.securitashome.se/product.html/securitashome

[Exploit, Technical Description, Third Party Advisory] https://www.diva-portal.org/smash/get/diva2:1600180/FULLTEXT04.pdf

Scores

CVSS v3 6.8

EPSS 0.0024

EPSS Percentile 47.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE

CWE-294

Status published

Products (1)

securitashome/securitashome_alarm_system_firmware hpgw-g_0.0.2.23f_bg_u-itr-f1-bd_bl.a30.20181117

Published Dec 15, 2021

Tracked Since Feb 18, 2026