Title: CVE-2019-9657: Alarm.com ADC-V522IR 0100b9 Insecure OpenVPN certificate.
Affected Vendor: Alarm.com
Affected Product: ADC-V522IR
Affected Version: 0100b9, potentially others
Platform: Embedded Linux
Impact: OpenVPN private certificate access.
Attack vector: shell
Any user with access to the Alarm.com camera can access Alarm.com's unencrypted OpenVPN certificate.
Alarm.com did not encrypt or use a form of mandatory access control to protect the Alarm.com OpenVPN private certificate.
Jul 12, 2019 - Vendor responded, fixes forthcoming.
Jul 9, 2019 - Published.
Mar 8, 2019 - Vendor responded, but did not have any additional information.
Jan 2, 2019 - Vendor contacted.
Dec 7, 2018 - Vendor contacted.
Nov 26, 2018 - Proof of concept disclosed to vendor.
Oct 22, 2018 - Vendor contacted.