CVE-2013-20003

Published: Feb 4, 2022

Modified: Sep 16, 2024

PUBLISHED

Description

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

Vendor	Product	Versions
Silicon Labs	Z-Wave	affected `S0`
Sierra Designs	Z-Wave	affected `S0 - < S0`

Weaknesses (CWE)

CWE-327

References

https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf

x_refsource_MISC

https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/

x_refsource_MISC

https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-20003

Description

Affected Products

Weaknesses (CWE)

References