Rapid7 has disclosed that Fortress S03 Wi-Fi Security Alarms are vulnerable to unauthorized remote management attacks, including disabling the alarm system entirely. The attacks are possible because of CVE-2021-39276, a weakness in the device API that allows unauthorized access, and CVE-2021-39277, a lack of encryption that allows an attacker to record a user's authentication and replay that recording later to gain unauthorized access. These alarms are used in small businesses and homes. Fortress has released no patch or advisory; Rapid7 claims that its submitted ticket was closed with no further communication from the vendor, and it therefore made its announcement in conformance with its established 60-day disclosure policy.