CVE-2022-24611
https://notcve.org/view.php?id=CVE-2022-24611
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block an S0/S2-protected Z-Wave network via crafted S0 NonceGet Z-Wave packets, utilizing included but absent NodeIDs.
• https://github.com/ITSecLab-HSEL/CVE-2022-24611
• http://z-wave.com
CVE-2018-25029
https://notcve.org/view.php?id=CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
• https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure
• https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks
• CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CVE-2013-20003
https://notcve.org/view.php?id=CVE-2013-20003
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
• https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security
• https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf
• https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)