CVE-2023-31759

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass security controls in the Kerui W18 Alarm System by recording and replaying 433MHz signals from the keyfob. Attackers can gain full access to disarm or control the alarm system. This affects users of the Kerui W18 Alarm System v1.0 with the vulnerable keyfob.

💻 Affected Systems

Products:
  • Kerui W18 Alarm System
Versions: v1.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All systems using the vulnerable 433MHz keyfob are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain physical access to secured premises by disarming the alarm system, potentially leading to theft, property damage, or personal harm.

🟠 Likely Case: Unauthorized disarming of alarm systems allowing burglary or unauthorized entry to protected areas.

🟢 If Mitigated: Limited to physical proximity attacks requiring specialized equipment, with proper monitoring detecting unauthorized disarm events.

🌐 Internet-Facing: LOW - This is a physical wireless attack requiring proximity to the target system.
🏢 Internal Only: HIGH - Attackers within wireless range (typically 100-300 feet) can exploit this vulnerability without network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires inexpensive SDR (Software Defined Radio) equipment and basic RF knowledge to capture and replay signals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Contact Kerui for hardware replacement options or firmware updates if available.

🔧 Temporary Workarounds

Physical Keyfob Storage

all

Store keyfobs in Faraday bags or shielded containers when not in use to prevent signal capture.

Alternative Authentication

all

Use PIN codes or mobile app authentication instead of the keyfob when possible.

🧯 If You Can't Patch

  • Replace vulnerable keyfobs with updated versions using rolling code or encryption, if available from the vendor
  • Implement additional physical security layers (cameras, motion sensors, door contacts) to detect unauthorized entry

🔍 How to Verify

Check if Vulnerable:

Check whether your alarm system is a Kerui W18 v1.0 used with the 433MHz keyfob. Test with SDR equipment to see if signals can be captured and replayed.

Check Version:

Check physical label on alarm system base unit for model and version information.

Verify Fix Applied:

Test with SDR equipment to verify signals cannot be replayed successfully. Check for updated keyfob firmware or hardware version.

📡 Detection & Monitoring

Log Indicators:

  • Multiple disarm events in short timeframe
  • Disarm events without corresponding authorized user activity

Network Indicators:

  • Not applicable - this is an RF-based attack

SIEM Query:

Not applicable for RF-based attacks. Monitor physical security system logs for suspicious disarm patterns.
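A replayed keyfob signal is logged by the panel as an ordinary keyfob disarm, so the two log indicators above have to be checked by correlating disarm events with each other and with out-of-band evidence that an authorized user was present. The following is an added example, not code from the vendor or the original advisory; the log format, field names, thresholds and sample records are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample panel log: timestamp,action,source (format is an assumption).
PANEL_LOG = """\
2024-03-01T08:02:10,DISARM,keyfob
2024-03-01T18:30:00,ARM,keyfob
2024-03-02T02:14:05,DISARM,keyfob
2024-03-02T02:14:40,DISARM,keyfob
2024-03-02T02:15:02,DISARM,keyfob
2024-03-02T07:55:00,DISARM,pin
"""
# Constructed times at which an authorized user is known to be on site
# (e.g. app check-in or door badge; the data source is an assumption).
AUTHORIZED_ACTIVITY = ["2024-03-01T08:00:30", "2024-03-02T07:54:10"]

BURST_WINDOW = timedelta(minutes=2)     # "short timeframe" (assumed threshold)
BURST_COUNT = 3                         # disarms in window that count as a burst
ACTIVITY_SLACK = timedelta(minutes=10)  # allowed gap to known user activity

def parse_log(text):
    """Return a time-sorted list of (datetime, action, source) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, action, source = line.strip().split(",")
            events.append((datetime.fromisoformat(ts), action, source))
    return sorted(events)

def find_suspicious_disarms(events, activity):
    """Flag disarms that are part of a burst or lack nearby authorized activity."""
    disarms = [e for e in events if e[1] == "DISARM"]
    known = [datetime.fromisoformat(a) for a in activity]
    findings = []
    for i, (ts, _, source) in enumerate(disarms):
        reasons = []
        # Indicator 1: multiple disarm events inside the sliding window ending here.
        recent = [d for d in disarms[: i + 1] if ts - d[0] <= BURST_WINDOW]
        if len(recent) >= BURST_COUNT:
            reasons.append("burst")
        # Indicator 2: no authorized user activity close to the disarm time.
        if not any(abs(ts - k) <= ACTIVITY_SLACK for k in known):
            reasons.append("no_authorized_activity")
        if reasons:
            findings.append((ts.isoformat(), source, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_disarms(parse_log(PANEL_LOG), AUTHORIZED_ACTIVITY):
        print(finding)
```

Tune the window and slack values to the site's normal usage before alerting on the results.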
