Skip to content
Branch: master
Find file History
Latest commit fa264f9 Apr 28, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.MD Create README.MD Apr 27, 2019



[Suggested description]

The Chuango 433 MHz burglar-alarm product line is vulnerable to a
Denial of Service attack. When the condition is triggered, the OV2
base station is unable to process sensor states and effectively
prevents the alarm from setting off,
as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent 
EM8617 OV2 Wifi Alarm System.

[Additional Information]

==Vendor details==

Established in Fuzhou, China in 2001, Chuango Security Technology
Corporation specializes in wireless smart home technology, ranging
from DIY security and home automation to energy and health management

==Other affected products==

Chuango is an OEM manufacturer that produces devices for several vendors. Known vulnerable includes (but not limited to)
* Eminent EM8617 OV2 Wifi Alarm System

==Disclosure timeline==

April 19, 2019 Vulnerability discovery
April 19, 2019 Vendor is notified of the vulnerability
April 26, 2019 No vendor response was received. Requested CVE ID

[VulnerabilityType Other]

Denial of service

[Vendor of Product]


[Affected Product Code Base]

Chuango Wifi Alarm System - All versions
Chuango Wifi/Cellular Smart Home System H4 Plus - All versions
Chuango Wifi Alarm System AWV Plus - All versions
Chuango G5W 3G - All versions
Chuango GSM/SMS/RFID Touch Alarm System G5 Plus - All versions
Chuango GSM/SMS Alarm System G3 - All versions
Chuango G5W - All versions
Chuango Dual-Network Alarm System B11 - All versions
Chuango PSTN Alarm System A8 - All versions
Chuango PSTN/LCD/RFID Touch Alarm System A11 - All versions
Chuango CG-105S On-Site Alarm System - All versions

[Affected Component]

 433MHz RF interface request handling in the base station.

[Attack Type]


[CVE Impact Denial of service] true

[Attack Vectors]

Create a DOS condition that makes the base station unresponsive for
other incoming sensor triggers. The OV2 base station is unable to
process sensor states and effectively causes the alarm to render


[Has vendor confirmed or acknowledged the vulnerability?]



Mattijs van Ommeren/Riccardo ten Cate
You can’t perform that action at this time.