> [Suggested description]> Rubetek SmartHome 2020 devices use> unencrypted 4

1. > [Suggested description]
2. > Rubetek SmartHome 2020 devices use
3. > unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely.
4. >
5. > ------------------------------------------
6. >
7. > [VulnerabilityType Other]
8. > Cleartext Transmission of Sensitive Information
9. >
10. > ------------------------------------------
11. >
12. > [Vendor of Product]
13. > Rubetek
14. >
15. > ------------------------------------------
16. >
17. > [Affected Product Code Base]
18. > Smarthome USB control module - 2020
19. >
20. > ------------------------------------------
21. >
22. > [Affected Component]
23. > Firmware of USB control module and smarthome beacons
24. >
25. > ------------------------------------------
26. >
27. > [Attack Type]
28. > Remote
29. >
30. > ------------------------------------------
31. >
32. > [Impact Denial of Service]
33. > true
34. >
35. > ------------------------------------------
36. >
37. > [Impact Information Disclosure]
38. > true
39. >
40. > ------------------------------------------
41. >
42. > [CVE Impact Other]
43. > data spoofing
44. >
45. > ------------------------------------------
46. >
47. > [Attack Vectors]
48. > To exploit vulnerability, someone need to buy 433 MHz transceiver module and send special crafted request.
49. > Another vector: someone need to buy 433 MHz receiver module and sniff information about anyone's smarthome status.
50. >
51. > ------------------------------------------
52. >
53. > [Reference]
54. > https://rubetek.com/
55. >
56. > ------------------------------------------
57. >
58. > [Discoverer]
59. > Ilya Shaposhnikov
60.  
61. CVE-2020-9550