Guest User

Untitled

a guest
Mar 2nd, 2020
988
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. > [Suggested description]
  2. > Rubetek SmartHome 2020 devices use
  3. > unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely.
  4. >
  5. > ------------------------------------------
  6. >
  7. > [VulnerabilityType Other]
  8. > Cleartext Transmission of Sensitive Information
  9. >
  10. > ------------------------------------------
  11. >
  12. > [Vendor of Product]
  13. > Rubetek
  14. >
  15. > ------------------------------------------
  16. >
  17. > [Affected Product Code Base]
  18. > Smarthome USB control module - 2020
  19. >
  20. > ------------------------------------------
  21. >
  22. > [Affected Component]
  23. > Firmware of USB control module and smarthome beacons
  24. >
  25. > ------------------------------------------
  26. >
  27. > [Attack Type]
  28. > Remote
  29. >
  30. > ------------------------------------------
  31. >
  32. > [Impact Denial of Service]
  33. > true
  34. >
  35. > ------------------------------------------
  36. >
  37. > [Impact Information Disclosure]
  38. > true
  39. >
  40. > ------------------------------------------
  41. >
  42. > [CVE Impact Other]
  43. > data spoofing
  44. >
  45. > ------------------------------------------
  46. >
  47. > [Attack Vectors]
  48. > To exploit vulnerability, someone need to buy 433 MHz transceiver module and send special crafted request.
  49. > Another vector: someone need to buy 433 MHz receiver module and sniff information about anyone's smarthome status.
  50. >
  51. > ------------------------------------------
  52. >
  53. > [Reference]
  54. > https://rubetek.com/
  55. >
  56. > ------------------------------------------
  57. >
  58. > [Discoverer]
  59. > Ilya Shaposhnikov
  60.  
  61. CVE-2020-9550
RAW Paste Data