Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-9060

UNKNOWN
Published 2022-01-07T04:30:28.026531Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-9060. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

ZooZ

ZEN25

Affected Versions:

5.03
ZooZ

ZEN20

Affected Versions:

5.03
ZooZ

ZST10

Affected Versions:

6.04
Fibaro

FGWPB-111

Affected Versions:

4.3
Silicon Labs

500 series

Affected Versions:

all
Aeon Labs

ZW090-A

Affected Versions:

3.95

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-rcjh-h6hv-xwcc

Advisory Details

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-9060
WEB https://doi.org/10.1109/ACCESS.2021.3138768
WEB https://github.com/CNK2100/VFuzz-public
WEB https://ieeexplore.ieee.org/document/9663293
WEB https://kb.cert.org/vuls/id/142629
WEB https://www.kb.cert.org/vuls/id/142629

Advisory provided by GitHub Security Advisory Database. Published: January 11, 2022, Modified: September 21, 2022

References

https://kb.cert.org/vuls/id/142629
https://ieeexplore.ieee.org/document/9663293
https://github.com/CNK2100/VFuzz-public
https://doi.org/10.1109/ACCESS.2021.3138768
https://www.kb.cert.org/vuls/id/142629
Published: 2022-01-07T04:30:28.026531Z
Last Modified: 2024-09-16T16:33:05.408Z
Copied to clipboard!