CVE-2020-9057
Published: Jan 7, 2022
Modified: Sep 16, 2024
Description
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
| Vendor | Product | Versions |
|---|---|---|
Linear | WADWAZ-1 | affected 3.43 |
Linear | WAPIRZ-1 | affected 3.43 |
Silicon Labs | 100 series | affected all |
Silicon Labs | 200 series | affected all |
Silicon Labs | 300 series | affected all |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now