关键漏洞信息 Advisory ID: SYSS-2018-035 Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015) Manufacturer: ABUS Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311) Risk Level: High Vulnerability Details: Issue: The claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not actually implemented. Attack Scenario: An attacker can observe radio signals and see all transmitted data in cleartext, including current rolling code state. Affected Models: ABUS Secvest wireless remote controls FUBE50014 and FUBE50015. Proof of Concept: Developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver to disarm the alarm system in an unauthorized way. Solution Status: Status: Open Manufacturer Status: No solution available as of the publication date (2019-03-25). Disclosure Timeline: Vulnerability reported to manufacturer in 2018-11-21. Public release on 2019-03-25. References: SySS Security Advisory SYSS-2018-035 for detailed information and verification process.