The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code, an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device.
05/09/18 - ZDI reported the issue to ICS-CERT
Philippe Z Lin