CVE-2020-9058 Information

Description

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation including but likely not limited to the Linear LB60Z-1 version 3.5 Dome DM501 version 4.26 and Jasco ZW4201 version 4.05 do not implement encryption or replay protection.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://github.com/CNK2100/VFuzz-public https://kb.cert.org/vuls/id/142629 https://ieeexplore.ieee.org/document/9663293 https://doi.org/10.1109/ACCESS.2021.3138768 https://www.kb.cert.org/vuls/id/142629

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

8.1