Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-20003

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

Published

2022-02-04T23:15:09.627

Last Modified

2024-11-21T01:50:49.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

5.5

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-327
  • Type: Primary
    CWE-338
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System silabs zgm130s037hgn_firmware s2 Yes
Hardware silabs zgm130s037hgn - No
Operating System silabs zm5202_firmware s2 Yes
Hardware silabs zm5202 - No
Operating System silabs zm5101_firmware s2 Yes
Hardware silabs zm5101 - No
Operating System silabs zgm2305a27hgn_firmware s2 Yes
Hardware silabs zgm2305a27hgn - No
Operating System silabs zgm230sb27hgn_firmware s2 Yes
Hardware silabs zgm230sb27hgn - No
References