QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-9060

Back to search

CVE-2020-9060

Published: Jan 7, 2022

Modified: Sep 16, 2024

PUBLISHED

Description

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

VendorProductVersions

ZooZ

ZEN25

affected
5.03

ZooZ

ZEN20

affected
5.03

ZooZ

ZST10

affected
6.04

Fibaro

FGWPB-111

affected
4.3

Silicon Labs

500 series

affected
all

Aeon Labs

ZW090-A

affected
3.95

Weaknesses (CWE)

CWE-346
CWE-400

References

https://kb.cert.org/vuls/id/142629
third-party-advisory
x_refsource_CERT-VN
VU#142629
third-party-advisory
x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now