Vulnerability Description
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linear | Wadwaz-1 | 3.43 |
| Linear | Wapirz-1 | 3.43 |
| Silabs | 100 Series Firmware | All versions |
| Silabs | 200 Series Firmware | All versions |
| Silabs | 300 Series Firmware | All versions |
Related Weaknesses (CWE)
References
- https://doi.org/10.1109/ACCESS.2021.3138768Broken Link
- https://github.com/CNK2100/VFuzz-publicThird Party Advisory
- https://ieeexplore.ieee.org/document/9663293Broken Link
- https://kb.cert.org/vuls/id/142629Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/142629Third Party AdvisoryUS Government Resource
- https://doi.org/10.1109/ACCESS.2021.3138768Broken Link
- https://github.com/CNK2100/VFuzz-publicThird Party Advisory
- https://ieeexplore.ieee.org/document/9663293Broken Link
- https://kb.cert.org/vuls/id/142629Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/142629Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-9057?
CVE-2020-9057 is a vulnerability with a CVSS score of 8.8 (HIGH). Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerabl...
How severe is CVE-2020-9057?
CVE-2020-9057 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9057?
Check the references section above for vendor advisories and patch information. Affected products include: Linear Wadwaz-1, Linear Wapirz-1, Silabs 100 Series Firmware, Silabs 200 Series Firmware, Silabs 300 Series Firmware.