CVE-2020-9057

EPSS 0.4%CWE-311

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Productos afectados

Linear · WADWAZ-1 Linear · WAPIRZ-1 Silicon Labs · 100 series Silicon Labs · 200 series Silicon Labs · 300 series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://doi.org/10.1109/ACCESS.2021.3138768 https://github.com/CNK2100/VFuzz-public https://ieeexplore.ieee.org/document/9663293 https://kb.cert.org/vuls/id/142629 https://www.kb.cert.org/vuls/id/142629