Login Sign Up

CVE-2025-65552

9.8 CRITICAL

📋 TL;DR

The D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on its 433 MHz sensor communication channel. Attackers within RF range can record legitimate alarm/control frames and replay them to trigger false alarms or potentially disable security functions. This affects all users of the vulnerable system version.

💻 Affected Systems

Products:
  • D3D Wi-Fi Home Security System ZX-G12
Versions: v2.1.1
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this firmware version are vulnerable in default configuration. The vulnerability is in the RF communication protocol implementation.

📦 What is this software?

Zx G12 Firmware by D3dsecurity

View all CVEs affecting Zx G12 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker triggers false alarms repeatedly, causing emergency service fatigue, or replays disarm commands to bypass security during a break-in.

🟠

Likely Case

False alarm triggers causing nuisance, potential fines from authorities, and reduced trust in the security system.

🟢

If Mitigated

Limited impact with proper physical security controls and monitoring, but system remains vulnerable to RF replay.

🌐 Internet-Facing: LOW (This is a local RF attack, not internet-based)
🏢 Internal Only: HIGH (Attack requires physical proximity within RF range of the system)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires only an SDR (Software Defined Radio) or 433 MHz transmitter within range. GitHub repository contains proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Contact vendor D3D Security for firmware update information.

🔧 Temporary Workarounds

Physical RF Shielding

all

Add RF shielding around sensors and control unit to reduce attack surface

Alternative Monitoring

all

Supplement with secondary security system using different technology

🧯 If You Can't Patch

  • Replace vulnerable system with a model that implements rolling codes and message authentication
  • Implement physical security measures to detect and deter RF-based attacks in the vicinity

🔍 How to Verify

Check if Vulnerable:

Check firmware version in system settings. If version is v2.1.1, system is vulnerable.

Check Version:

Check system admin interface or device label for firmware version

Verify Fix Applied:

No fix available to verify. Monitor vendor announcements for firmware updates.

📡 Detection & Monitoring

Log Indicators:

  • Multiple identical alarm triggers in rapid succession
  • Alarms triggered without corresponding sensor events

Network Indicators:

  • Unusual 433 MHz signal patterns detected by RF monitoring

SIEM Query:

Not applicable - this is an RF-based attack, not network-based

📊 Metadata

CVE ID: CVE-2025-65552
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-294
EPSS Score: 0.12% exploit probability (31.3th percentile)
Published: January 12, 2026
Last Updated: February 3, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65552, you might also want to check these:

CVE-2025-49752 10.0

CVE-2025-49752 is an elevation of privilege vulnerability in Azure Bastion that allows authenticated...

Same vulnerability type (CWE-294)
CVE-2022-29334 9.8

CVE-2022-29334 is an authentication bypass vulnerability in H v1.0 that allows attackers to gain una...

Same vulnerability type (CWE-294)
CVE-2018-17932 9.8

CVE-2018-17932 affects JUUKO K-800 industrial control devices, allowing attackers to replay commands...

Same vulnerability type (CWE-294)