Podatność CVE-2020-9057


Publikacja: 2022-01-10

Opis:
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Typ:

CWE-311

(Missing Encryption of Sensitive Data)

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
8.3/10
10/10
6.5/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Sieć lokalna
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Silabs -> 100 series firmware 
Silabs -> 200 series firmware 
Silabs -> 300 series firmware 
Linear -> Wadwaz-1 
Linear -> Wapirz-1 

 Referencje:
https://github.com/CNK2100/VFuzz-public
https://kb.cert.org/vuls/id/142629
https://ieeexplore.ieee.org/document/9663293
https://doi.org/10.1109/ACCESS.2021.3138768
https://www.kb.cert.org/vuls/id/142629

Copyright 2024, cxsecurity.com

 

Back to Top