The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
==Vendor details== Established in Fuzhou, China in 2001, Chuango Security Technology Corporation specializes in wireless smart home technology, ranging from DIY security and home automation to energy and health management systems. http://www.chuango.com ==Other affected products== Chuango is an OEM manufacturer that produces devices for several vendors. Known vulnerable includes (but not limited to) * Eminent EM8617 OV2 Wifi Alarm System ==Disclosure timeline== April 19, 2019 Vulnerability discovery April 19, 2019 Vendor is notified of the vulnerability April 26, 2019 No vendor response was received. Requested CVE ID
Denial of service
[Vendor of Product]
[Affected Product Code Base]
Chuango Wifi Alarm System - All versions Chuango Wifi/Cellular Smart Home System H4 Plus - All versions Chuango Wifi Alarm System AWV Plus - All versions Chuango G5W 3G - All versions Chuango GSM/SMS/RFID Touch Alarm System G5 Plus - All versions Chuango GSM/SMS Alarm System G3 - All versions Chuango G5W - All versions Chuango Dual-Network Alarm System B11 - All versions Chuango PSTN Alarm System A8 - All versions Chuango PSTN/LCD/RFID Touch Alarm System A11 - All versions Chuango CG-105S On-Site Alarm System - All versions
433MHz RF interface request handling in the base station.
[CVE Impact Denial of service] true
Create a DOS condition that makes the base station unresponsive for other incoming sensor triggers. The OV2 base station is unable to process sensor states and effectively causes the alarm to render dysfunctional.
[Has vendor confirmed or acknowledged the vulnerability?]
Mattijs van Ommeren/Riccardo ten Cate