Improper Authentication in Hozard Alarm System v1.0 Allows Disarming from Any Phone Number

Improper Authentication in Hozard Alarm System v1.0 Allows Disarming from Any Phone Number

CVE-2023-50127 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.

Learn more about our Web Application Penetration Testing UK.