QwikSec

Security Database

CVE

CWE

Training

CVE-2018-25029

Published: Feb 4, 2022

Modified: Sep 17, 2024

PUBLISHED

Description

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.

Vendor	Product	Versions
Silicon Labs	Z-Wave	affected `S2`

Weaknesses (CWE)

References

https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/

x_refsource_MISC

https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.