VYPR

Abuse

by Abuse

CVEs (17)

  • CVE-2023-26609Feb 27, 2023
    risk 0.06cvss epss 0.39

    ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

  • CVE-2018-17879Oct 26, 2023
    risk 0.05cvss epss 0.22

    An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.

  • CVE-2002-1250Nov 12, 2002
    risk 0.03cvss epss 0.01

    Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.

  • CVE-2018-16739Oct 26, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

  • CVE-2018-17878Oct 26, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.

  • CVE-2018-17559Oct 26, 2023
    risk 0.00cvss epss 0.01

    Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.

  • CVE-2018-17558Oct 26, 2023
    risk 0.00cvss epss 0.03

    Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and…

  • CVE-2020-28973Apr 21, 2021
    risk 0.00cvss epss 0.01

    The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can…

  • CVE-2020-14158Jul 30, 2020
    risk 0.00cvss epss 0.02

    The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it easier to conduct wAppLoxx authentication-bypass attacks.

  • CVE-2020-14157Jun 17, 2020
    risk 0.00cvss epss 0.01

    The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.

  • CVE-2019-14261Sep 3, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls,…

  • CVE-2019-9861May 14, 2019
    risk 0.00cvss epss 0.02

    Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.

  • CVE-2019-9860Mar 27, 2019
    risk 0.00cvss epss 0.01

    Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the…

  • CVE-2019-9862Mar 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the…

  • CVE-2019-9863Mar 27, 2019
    risk 0.00cvss epss 0.02

    Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an…

  • CVE-2009-3780Oct 26, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2002-1253Nov 12, 2002
    risk 0.00cvss epss 0.01

    Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.