Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.
The PF-50 remote transmits a control signal (e.g., arming/disarming the alarm system) without protection against reuse of the intercepted code — which is classified as CWE-294 (Authentication Bypass by Capture-replay). The attacker eavesdrops on the radio transmission during legitimate use of the remote, records the control code, and then replays it at any time to gain unauthorized control over the system. No authentication, user interaction, or specific technical conditions are required.
An attacker can arm or disarm the alarm system without the owner's knowledge, effectively compromising access control to the protected facility. In practice, this means the possibility of complete bypassing of the facility's physical security.
Patches available from the manufacturer should be applied according to references. Until the fix is deployed, it is recommended to limit reliance solely on the radio remote as an access control mechanism and consider implementing additional layers of physical security.
Remote control (keyfob) PF-50 version 1.2 used with the PGST PG107 alarm system firmware version 1.25.05.hf.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H