Описание
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:silabs:zgm130s037hgn_firmware:s2:*:*:*:*:*:*:*
cpe:2.3:h:silabs:zgm130s037hgn:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:silabs:zm5202_firmware:s2:*:*:*:*:*:*:*
cpe:2.3:h:silabs:zm5202:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:silabs:zm5101_firmware:s2:*:*:*:*:*:*:*
cpe:2.3:h:silabs:zm5101:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:silabs:zgm2305a27hgn_firmware:s2:*:*:*:*:*:*:*
cpe:2.3:h:silabs:zgm2305a27hgn:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:silabs:zgm230sb27hgn_firmware:s2:*:*:*:*:*:*:*
cpe:2.3:h:silabs:zgm230sb27hgn:-:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00094
Низкий
8.1 High
CVSS3
4.8 Medium
CVSS2
Дефекты
CWE-757
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
EPSS
Процентиль: 26%
0.00094
Низкий
8.1 High
CVSS3
4.8 Medium
CVSS2
Дефекты
CWE-757
NVD-CWE-Other