Vulnerability Monitor


CVE-2020-9057


Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.


Published

2022-01-10T14:10:16.150

Last Modified

2024-11-21T05:39:55.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-311
  • Type: Primary
    CWE-311

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linear | wadwaz-1 | 3.43 | Yes |
| Operating System | linear | wapirz-1 | 3.43 | Yes |
| Operating System | silabs | 100_series_firmware | * | Yes |
| Operating System | silabs | 200_series_firmware | * | Yes |
| Operating System | silabs | 300_series_firmware | * | Yes |
