CVE-2025-65552 - Vulnerability Details - OpenCVE

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Exploitation poc

Automatable yes

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://d3d.com
https://d3dsecurity.com/products/wifi-home-security-system-model-g12
https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552

History

Tue, 13 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-294
References		https://d3dsecurity.com/products/wifi-home-security-system-model-g12
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 12 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms.
References		http://d3d.com https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-01-12T00:00:00.000Z

Updated: 2026-01-13T19:08:45.203Z

Reserved: 2025-11-18T00:00:00.000Z

Link: CVE-2025-65552

Vulnrichment

Updated: 2026-01-13T14:20:05.495Z

NVD

Status : Awaiting Analysis

Published: 2026-01-12T15:16:03.607

Modified: 2026-01-13T20:16:06.670

Link: CVE-2025-65552

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-294

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-65552", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-01-13T19:08:45.203Z", "dateReserved": "2025-11-18T00:00:00.000Z", "datePublished": "2026-01-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-12T14:58:00.755Z"}, "descriptions": [{"lang": "en", "value": "D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://d3d.com"}, {"url": "https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-294", "lang": "en", "description": "CWE-294 Authentication Bypass by Capture-replay"}]}], "references": [{"url": "https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552", "tags": ["exploit"]}, {"url": "https://d3dsecurity.com/products/wifi-home-security-system-model-g12", "tags": ["product"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T14:19:36.967337Z", "id": "CVE-2025-65552", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T19:08:45.203Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://d3d.com"}, {"url": "https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552"}], "descriptions": [{"lang": "en", "value": "D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-12T14:58:00.755Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-65552", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T14:19:36.967337Z"}}}], "references": [{"url": "https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552", "tags": ["exploit"]}, {"url": "https://d3dsecurity.com/products/wifi-home-security-system-model-g12", "tags": ["product"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-01-13T14:20:05.495Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-65552", "state": "PUBLISHED", "dateUpdated": "2026-01-12T14:58:00.755Z", "dateReserved": "2025-11-18T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-01-12T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}