Alarm System
CVE-2023-50127
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.
AnalysisAI
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number. Affected products include: Hozard Alarm System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Alarm System
View allThe number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. Rated h
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned ta
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm sys
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today