Improper Authentication in Hozard Alarm System v1.0 Allows Disarming from Any Phone Number
CVE-2023-50127 · MEDIUM Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.
Learn more about our Web Application Penetration Testing UK.