CVE-2020-9057
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
SSVC
- Decision: -
Timeline
- 2020-02-18 CVE Reserved
- 2022-01-07 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-311: Missing Encryption of Sensitive Data
References (5)
URL | Tag |
---|---|
https://doi.org/10.1109/ACCESS.2021.3138768 | Broken Link |
https://github.com/CNK2100/VFuzz-public | Third Party Advisory |
https://ieeexplore.ieee.org/document/9663293 | Broken Link |
https://kb.cert.org/vuls/id/142629 | Third Party Advisory |
https://www.kb.cert.org/vuls/id/142629 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linear | Wadwaz-1 | 3.43 | - | Affected |
Linear | Wapirz-1 | 3.43 | - | Affected |
Silabs | 100 Series Firmware | * | - | Affected |
Silabs | 200 Series Firmware | * | - | Affected |
Silabs | 300 Series Firmware | * | - | Affected |