CVE-2020-9060 Information

Description

Z-Wave devices based on Silicon Labs 500 series chipsets using S2 including but likely not limited to the ZooZ ZST10 version 6.04 ZooZ ZEN20 version 5.03 ZooZ ZEN25 version 5.03 Aeon Labs ZW090-A version 3.95 and Fibaro FGWPB-111 version 4.3 are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET SECURITY NONCE GET 2 NO OPERATION or NIF REQUEST messages.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/CNK2100/VFuzz-public https://kb.cert.org/vuls/id/142629 https://ieeexplore.ieee.org/document/9663293 https://doi.org/10.1109/ACCESS.2021.3138768 https://www.kb.cert.org/vuls/id/142629

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5