CVE-2023-39842

LOW

Mydigoo Dg-hamb Smart Home Security S... - Missing Encryption

Title source: rule

Description

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.

References (1)

[Exploit, Third Party Advisory] https://ashallen.net/smart-security-device-rfid-vulnerability-disclosure

Scores

CVSS v3 2.4

EPSS 0.0001

EPSS Percentile 2.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-311

Status published

Products (1)

mydigoo/dg-hamb_smart_home_security_system_firmware 1.0

Published Aug 15, 2023

Tracked Since Feb 18, 2026