Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-9057

UNKNOWN
Published 2022-01-07T04:30:23.469790Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-9057. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linear

WADWAZ-1

Affected Versions:

3.43
Linear

WAPIRZ-1

Affected Versions:

3.43
Silicon Labs

100 series

Affected Versions:

all
Silicon Labs

200 series

Affected Versions:

all
Silicon Labs

300 series

Affected Versions:

all

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-pwj3-5896-6xh2

Advisory Details

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

CVSS Scoring

CVSS Score

7.5

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-9057
WEB https://doi.org/10.1109/ACCESS.2021.3138768
WEB https://github.com/CNK2100/VFuzz-public
WEB https://ieeexplore.ieee.org/document/9663293
WEB https://kb.cert.org/vuls/id/142629
WEB https://www.kb.cert.org/vuls/id/142629

Advisory provided by GitHub Security Advisory Database. Published: January 11, 2022, Modified: January 19, 2022

References

https://kb.cert.org/vuls/id/142629
https://ieeexplore.ieee.org/document/9663293
https://github.com/CNK2100/VFuzz-public
https://doi.org/10.1109/ACCESS.2021.3138768
https://www.kb.cert.org/vuls/id/142629
Published: 2022-01-07T04:30:23.469790Z
Last Modified: 2024-09-16T20:03:41.584Z
Copied to clipboard!