CVE-2019-9659
Description
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Chuango 433 MHz burglar alarms use static RF codes, enabling remote replay attacks to arm, disarm, or trigger the alarm without authentication.
Vulnerability
The Chuango 433 MHz burglar-alarm product line, including both Chuango branded products and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System, uses static codes in the RF remote control [1]. This means the RF signal sent to arm, disarm, or trigger the alarm is always the same and does not incorporate rolling codes, encryption, or any replay protection [1]. All versions of the following devices are affected: Chuango Wifi Alarm System, Chuango Wifi/Cellular Smart Home System H4 Plus, Chuango Wifi Alarm System AWV Plus, Chuango G5W 3G, Chuango GSM/SMS/RFID Touch Alarm System G5 Plus, Chuango GSM/SMS Alarm System G3, Chuango G5W, Chuango Dual-Network Alarm System B11, and others [1].
Exploitation
An attacker only needs to be within radio range of a target alarm system (the 433 MHz band typically reaches several hundred meters outdoors) to capture the RF signal using a simple software-defined radio or a dedicated 433 MHz receiver. The attacker can record a valid arm, disarm, or trigger command by eavesdropping on a legitimate remote control transmission. Subsequently, the attacker can replay the recorded signal at any time to arm, disarm, or trigger the alarm. No authentication, deobfuscation, or additional privileges are required beyond physical proximity to capture and replay the RF signal [1].
Impact
Successful exploitation allows an attacker to remotely arm, disarm, or trigger the alarm system without authorization. This completely undermines the security purpose of the burglar alarm, enabling an intruder to disable the alarm before a burglary, or to repeatedly trigger false alarms. The attack does not require physical access to the device or network credentials. The impact is a direct loss of confidentiality (no unauthorized entry detection) and integrity (the alarm state can be manipulated) [1].
Mitigation
Chuango confirmed the vulnerability on all devices using 433 MHz RF technology on February 11, 2019, but stated they were not able to provide an after-sales fix [1]. As of the public disclosure date (March 11, 2019), no firmware update or patch was available. Users of affected devices are advised to replace the alarm system with a model that uses rolling code or encrypted RF communication. No workaround exists to protect the static RF codes without hardware replacement [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/RiieCco/write-ups/tree/master/CVE-2019-9659mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.