MidnightBSD

Advisories for abus

CVE-2018-16739

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
abus tvip_20050_firmware -
abus tvip_71500_firmware -
abus tvip_11501_firmware -
abus tvip_20500_firmware -
abus tvip_10550_firmware -
abus tvip_10005a_firmware -
abus tvip_71550_firmware -
abus tvip_31500_firmware -
abus tvip_51550_firmware -
abus tvip_32500_firmware -
abus tvip_10000_firmware -
abus tvip_20550_firmware -
abus tvip_31551_firmware -
abus tvip_11050_firmware -
abus tvip_11502_firmware -
abus tvip_71501_firmware -
abus tvip_21502_firmware -
abus tvip_31000_firmware -
abus tvip_11500_firmware -
abus tvip_21551_firmware -
abus tvip_11551_firmware -
abus tvip_11552_firmware -
abus tvip_21000_firmware -
abus tvip_31050_firmware -
abus tvip_20000_firmware -
abus tvip_21501_firmware -
abus tvip_10005_firmware -
abus tvip_10055b_firmware -
abus tvip_22500_firmware -
abus tvip_10001_firmware -
abus tvip_10050_firmware -
abus tvip_31550_firmware -
abus tvip_71551_firmware -
abus tvip_11000_firmware -
abus tvip_51500_firmware -
abus tvip_72500_firmware -
abus tvip_21552_firmware -
abus tvip_10051_firmware -
abus tvip_11550_firmware -
abus tvip_21550_firmware -
abus tvip_10500_firmware -
abus tvip_21050_firmware -
abus tvip_10055a_firmware -
abus tvip_21500_firmware -
abus tvip_31001_firmware -
abus tvip_31501_firmware -
abus tvip_10005b_firmware -
CVE-2018-17558

Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
abus tvip_20050_firmware -
abus tvip_71500_firmware -
abus tvip_11501_firmware -
abus tvip_20500_firmware -
abus tvip_10550_firmware -
abus tvip_10005a_firmware -
abus tvip_71550_firmware -
abus tvip_31500_firmware -
abus tvip_51550_firmware -
abus tvip_32500_firmware -
abus tvip_10000_firmware -
abus tvip_20550_firmware -
abus tvip_31551_firmware -
abus tvip_11050_firmware -
abus tvip_11502_firmware -
abus tvip_71501_firmware -
abus tvip_21502_firmware -
abus tvip_31000_firmware -
abus tvip_11500_firmware -
abus tvip_21551_firmware -
abus tvip_11551_firmware -
abus tvip_11552_firmware -
abus tvip_21000_firmware -
abus tvip_31050_firmware -
abus tvip_20000_firmware -
abus tvip_21501_firmware -
abus tvip_10005_firmware -
abus tvip_10055b_firmware -
abus tvip_22500_firmware -
abus tvip_10001_firmware -
abus tvip_10050_firmware -
abus tvip_31550_firmware -
abus tvip_71551_firmware -
abus tvip_11000_firmware -
abus tvip_51500_firmware -
abus tvip_72500_firmware -
abus tvip_21552_firmware -
abus tvip_10051_firmware -
abus tvip_11550_firmware -
abus tvip_21550_firmware -
abus tvip_10500_firmware -
abus tvip_21050_firmware -
abus tvip_10055a_firmware -
abus tvip_21500_firmware -
abus tvip_31001_firmware -
abus tvip_31501_firmware -
abus tvip_10005b_firmware -
CVE-2018-17559

Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
abus tvip_20050_firmware -
abus tvip_71500_firmware -
abus tvip_11501_firmware -
abus tvip_20500_firmware -
abus tvip_10550_firmware -
abus tvip_10005a_firmware -
abus tvip_71550_firmware -
abus tvip_31500_firmware -
abus tvip_51550_firmware -
abus tvip_32500_firmware -
abus tvip_10000_firmware -
abus tvip_20550_firmware -
abus tvip_31551_firmware -
abus tvip_11050_firmware -
abus tvip_11502_firmware -
abus tvip_71501_firmware -
abus tvip_21502_firmware -
abus tvip_31000_firmware -
abus tvip_11500_firmware -
abus tvip_21551_firmware -
abus tvip_11551_firmware -
abus tvip_11552_firmware -
abus tvip_21000_firmware -
abus tvip_31050_firmware -
abus tvip_20000_firmware -
abus tvip_21501_firmware -
abus tvip_10005_firmware -
abus tvip_10055b_firmware -
abus tvip_22500_firmware -
abus tvip_10001_firmware -
abus tvip_10050_firmware -
abus tvip_31550_firmware -
abus tvip_71551_firmware -
abus tvip_11000_firmware -
abus tvip_51500_firmware -
abus tvip_72500_firmware -
abus tvip_21552_firmware -
abus tvip_10051_firmware -
abus tvip_11550_firmware -
abus tvip_21550_firmware -
abus tvip_10500_firmware -
abus tvip_21050_firmware -
abus tvip_10055a_firmware -
abus tvip_21500_firmware -
abus tvip_31001_firmware -
abus tvip_31501_firmware -
abus tvip_10005b_firmware -
CVE-2018-17878

Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
abus tvip_20050_firmware -
abus tvip_71500_firmware -
abus tvip_11501_firmware -
abus tvip_20500_firmware -
abus tvip_10550_firmware -
abus tvip_10005a_firmware -
abus tvip_71550_firmware -
abus tvip_31500_firmware -
abus tvip_51550_firmware -
abus tvip_32500_firmware -
abus tvip_10000_firmware -
abus tvip_20550_firmware -
abus tvip_31551_firmware -
abus tvip_11050_firmware -
abus tvip_11502_firmware -
abus tvip_71501_firmware -
abus tvip_21502_firmware -
abus tvip_31000_firmware -
abus tvip_11500_firmware -
abus tvip_21551_firmware -
abus tvip_11551_firmware -
abus tvip_11552_firmware -
abus tvip_21000_firmware -
abus tvip_31050_firmware -
abus tvip_20000_firmware -
abus tvip_21501_firmware -
abus tvip_10005_firmware -
abus tvip_10055b_firmware -
abus tvip_22500_firmware -
abus tvip_10001_firmware -
abus tvip_10050_firmware -
abus tvip_31550_firmware -
abus tvip_71551_firmware -
abus tvip_11000_firmware -
abus tvip_51500_firmware -
abus tvip_72500_firmware -
abus tvip_21552_firmware -
abus tvip_10051_firmware -
abus tvip_11550_firmware -
abus tvip_21550_firmware -
abus tvip_10500_firmware -
abus tvip_21050_firmware -
abus tvip_10055a_firmware -
abus tvip_21500_firmware -
abus tvip_31001_firmware -
abus tvip_31501_firmware -
abus tvip_10005b_firmware -
CVE-2018-17879

An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
abus tvip_20050_firmware -
abus tvip_71500_firmware -
abus tvip_11501_firmware -
abus tvip_20500_firmware -
abus tvip_10550_firmware -
abus tvip_10005a_firmware -
abus tvip_71550_firmware -
abus tvip_31500_firmware -
abus tvip_51550_firmware -
abus tvip_32500_firmware -
abus tvip_10000_firmware -
abus tvip_20550_firmware -
abus tvip_31551_firmware -
abus tvip_11050_firmware -
abus tvip_11502_firmware -
abus tvip_71501_firmware -
abus tvip_21502_firmware -
abus tvip_31000_firmware -
abus tvip_11500_firmware -
abus tvip_21551_firmware -
abus tvip_11551_firmware -
abus tvip_11552_firmware -
abus tvip_21000_firmware -
abus tvip_31050_firmware -
abus tvip_20000_firmware -
abus tvip_21501_firmware -
abus tvip_10005_firmware -
abus tvip_10055b_firmware -
abus tvip_22500_firmware -
abus tvip_10001_firmware -
abus tvip_10050_firmware -
abus tvip_31550_firmware -
abus tvip_71551_firmware -
abus tvip_11000_firmware -
abus tvip_51500_firmware -
abus tvip_72500_firmware -
abus tvip_21552_firmware -
abus tvip_10051_firmware -
abus tvip_11550_firmware -
abus tvip_21550_firmware -
abus tvip_10500_firmware -
abus tvip_21050_firmware -
abus tvip_10055a_firmware -
abus tvip_21500_firmware -
abus tvip_31001_firmware -
abus tvip_31501_firmware -
abus tvip_10005b_firmware -
CVE-2019-14261 MEDIUM

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
abus secvest_wireless_alarm_system_fuaa50000_firmware 3.01.01
CVE-2019-9860 MEDIUM

Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-330,

Products Affected

Vendor Product Version
abus secvest_wireless_alarm_system_fuaa50000_firmware 3.01.01
abus secvest_wireless_remote_control_fube50015_firmware -
abus secvest_wireless_remote_control_fube50014_firmware -
CVE-2019-9861 MEDIUM

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
abus secvest_wireless_alarm_system_fuaa50000_firmware 3.01.01
CVE-2019-9862 LOW

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state).

CVSS 2.0

Severity: LOW

Problem Type: CWE-311,

Products Affected

Vendor Product Version
abus secvest_wireless_alarm_system_fuaa50000_firmware 3.01.01
abus secvest_wireless_remote_control_fube50015_firmware -
abus secvest_wireless_remote_control_fube50014_firmware -
CVE-2019-9863 HIGH

Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
abus secvest_wireless_alarm_system_fuaa50000_firmware 3.01.01
abus secvest_wireless_remote_control_fube50015_firmware -
abus secvest_wireless_remote_control_fube50014_firmware -
CVE-2020-14157 MEDIUM

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
abus secvest_wireless_control_fube50001_firmware -
CVE-2020-14158 MEDIUM

The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
abus secvest_hybrid_fumo50110_firmware -
CVE-2020-28973 MEDIUM

The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
abus secvest_wireless_alarm_system_fuaa50000_firmware 3.01.17
CVE-2023-26609

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
abus tvip_20000-21150_firmware -