Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.
Source: MITRE
Published: 2020-01-16
Updated: 2020-08-24
Type: CWE-287
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 0.9
Severity: MEDIUM