CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 1CVE-2018-25029
https://notcve.org/view.php?id=CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. La especificación Z-Wave requiere que la seguridad S2 pueda ser degradada a S0 u otros protocolos menos seguros, permitiendo a un atacante dentro del rango de radio durante el emparejamiento degradar y luego explotar una vulnerabilidad diferente (CVE-2013-20003) para interceptar y falsificar el tráfico • https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 1CVE-2013-20003
https://notcve.org/view.php?id=CVE-2013-20003
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. Los dispositivos Z-Wave de Sierra Designs (alrededor de 2013) y Silicon Labs (que usan seguridad S0) pueden usar una clave de red conocida y compartida de todos los ceros, lo que permite a un atacante dentro del rango de radio falsificar el tráfico Z-Wave • https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •