CVE-2023-50123

8.1 HIGH

📋 TL;DR

CVE-2023-50123 allows attackers to brute force SMS authentication on the Hozard Alarm system v1.0 due to unlimited disarming attempts. This could let attackers disarm alarm systems remotely. Affects users of Hozard Alarm system v1.0.

💻 Affected Systems

Products:
  • Hozard Alarm system (alarmsystemen)
Versions: v1.0
Operating Systems: Embedded/IoT
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SMS connectivity; vulnerability exists in authentication mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker successfully disarms alarm system, enabling physical intrusion without triggering alarms or notifications.

🟠 Likely Case

Attacker disarms alarm system after multiple SMS attempts, potentially allowing unauthorized access.

🟢 If Mitigated

Failed authentication attempts are logged and limited, preventing successful brute force attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires SMS access to target system; brute force tools can automate attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.secura.com/services/iot/consumer-products/security-concerns-in-popular-smart-home-devices

Restart Required: No

Instructions:

No official patch available. Contact vendor for firmware updates or mitigation guidance.

🔧 Temporary Workarounds

Implement SMS rate limiting (applies to: all)

Configure SMS gateway or alarm system to limit authentication attempts per time period.

Disable SMS authentication (applies to: all)

Switch to alternative authentication methods if available.

🧯 If You Can't Patch

  • Monitor SMS logs for repeated authentication attempts and alert on anomalies.
  • Implement network segmentation to restrict SMS gateway access to trusted sources only.

🔍 How to Verify

Check if Vulnerable:

Test if system allows unlimited SMS authentication attempts for disarming.

Check Version:

Check device firmware version via admin interface or documentation.

Verify Fix Applied:

Verify that SMS authentication attempts are now limited (e.g., lockout after 5 failed attempts).

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed SMS authentication attempts from same source in short timeframe.

Network Indicators:

  • Unusual SMS traffic patterns to alarm system numbers.

SIEM Query:

sms_authentication_failure_count > 5 WITHIN 5 minutes
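The SIEM rule above, as an added example that is not part of this advisory or of the Hozard product: a sliding-window detector that flags any sender with more than five failed SMS disarm attempts inside five minutes, run over constructed log lines. The log format (one line per attempt with timestamp, sender and result) is an assumption; adapt parse_line() to what your SMS gateway actually emits.

```python
# Added example (not from the advisory or the Hozard product): a sliding-window
# detector for the page's SIEM rule "failure_count > 5 WITHIN 5 minutes".
# ASSUMED log format: one line per SMS auth attempt, "<ISO time> sms_auth
# sender=<number> action=disarm result=FAIL|OK"; adapt parse_line() to yours.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic): +31600000001 keeps guessing the
# disarm code and then gets an OK; +31600000002 fails once and then succeeds.
SAMPLE_LOG = """\
2023-12-01T10:00:01Z sms_auth sender=+31600000001 action=disarm result=FAIL
2023-12-01T10:00:40Z sms_auth sender=+31600000001 action=disarm result=FAIL
2023-12-01T10:01:15Z sms_auth sender=+31600000001 action=disarm result=FAIL
2023-12-01T10:02:02Z sms_auth sender=+31600000002 action=disarm result=FAIL
2023-12-01T10:02:30Z sms_auth sender=+31600000001 action=disarm result=FAIL
2023-12-01T10:03:10Z sms_auth sender=+31600000002 action=disarm result=OK
2023-12-01T10:03:45Z sms_auth sender=+31600000001 action=disarm result=FAIL
2023-12-01T10:04:20Z sms_auth sender=+31600000001 action=disarm result=FAIL
2023-12-01T10:09:59Z sms_auth sender=+31600000001 action=disarm result=OK
"""


def parse_line(line):
    """Return (timestamp, sender, result) for one line in the assumed format."""
    ts, _, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["sender"], kv["result"]


def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag senders with more than `threshold` FAIL results inside any `window`.
    An OK after the burst is recorded too: it may be the guessed code working."""
    failures = defaultdict(deque)  # sender -> FAIL timestamps still in window
    alerts = {}                    # sender -> details of the first alert
    for line in log_text.splitlines():
        when, sender, result = parse_line(line)
        if result != "FAIL":
            if sender in alerts:
                alerts[sender]["success_after_burst"] = when
            continue
        recent = failures[sender]
        recent.append(when)
        while when - recent[0] > window:  # evict failures older than the window
            recent.popleft()
        if len(recent) > threshold and sender not in alerts:
            alerts[sender] = {"first_alert": when, "failures_in_window": len(recent)}
    return alerts
```

Calling find_bruteforce(SAMPLE_LOG) flags only +31600000001 (six failures within 4 min 19 s, followed by a success), while the second sender's single failure stays below the threshold.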
