RSS   Vulnerabilities for '500 series firmware'   RSS

2022-01-10
 
CVE-2020-9058

CWE-311
 

 
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.

 
 
CVE-2020-9059

CWE-400
 

 
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.

 
 
CVE-2020-9060

CWE-400
 

 
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

 
 
CVE-2020-9061

NVD-CWE-noinfo
 

 
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.

 

 >>> Vendor: Silabs 10 Products
700 series firmware
Z-wave s0 firmware
Z-wave s2 firmware
Bluetooth low energy software development kit
Micrium uc-http
Uzb-7
500 series firmware
100 series firmware
200 series firmware
300 series firmware


Copyright 2024, cxsecurity.com

 

Back to Top