CVE-2019-11561

Vulnerability

The Chuango 433 MHz burglar-alarm product line, including the OV2 base station and many Chuango-branded and OEM products such as the Eminent EM8617 OV2 Wifi Alarm System, contains a vulnerability in the handling of 433 MHz RF interface requests. An attacker can cause a denial-of-service (DoS) condition by sending malicious RF signals that overwhelm the base station, making it unable to process sensor states. All versions of the affected product lines are considered vulnerable, as per the vendor disclosure timeline [1].

Exploitation

An attacker needs only physical proximity to transmit a specially crafted 433 MHz RF signal to the base station. No authentication or special privileges are required. The attacker sends a continuous or high-volume series of RF requests, which the base station processes, causing a DoS condition. Once the condition is triggered, the base station becomes unresponsive to legitimate sensor triggers, such as door/window contacts or motion detectors [1].

Impact

Successful exploitation results in the base station being unable to process sensor states, effectively disabling the alarm system. The alarm will not set off when an intrusion occurs, as the base station ignores sensor inputs. The confidentiality and integrity of the system are not directly compromised, but availability is severely impacted, allowing physical intrusions to go undetected [1].

Mitigation

As of the disclosure timeline (April 2019), the vendor was notified but did not respond. No official fix, patch, or workaround has been published for the affected products. Users of the Chuango product line and OEM rebrands (e.g., Eminent EM8617) should consider replacing the device or implementing physical countermeasures, such as shielding or disabling RF reception, until a fix becomes available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing [1].