CRITICAL🇵🇱 Wersja polska

CVE-2025-67135

CVSS 9.8v3.1pub. 2026-02-11upd. 2026-04-15

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.

🤖 AI Analysis
How it works

The PF-50 remote transmits a control signal (e.g., arming/disarming the alarm system) without protection against reuse of the intercepted code — which is classified as CWE-294 (Authentication Bypass by Capture-replay). The attacker eavesdrops on the radio transmission during legitimate use of the remote, records the control code, and then replays it at any time to gain unauthorized control over the system. No authentication, user interaction, or specific technical conditions are required.

Impact

An attacker can arm or disarm the alarm system without the owner's knowledge, effectively compromising access control to the protected facility. In practice, this means the possibility of complete bypassing of the facility's physical security.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Until the fix is deployed, it is recommended to limit reliance solely on the radio remote as an access control mechanism and consider implementing additional layers of physical security.

Who is affected

Remote control (keyfob) PF-50 version 1.2 used with the PGST PG107 alarm system firmware version 1.25.05.hf.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References