CVE-2020-9060

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 6.1

EPSS Низкий

Описание

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

Ссылки

https://doi.org/10.1109/ACCESS.2021.3138768
Broken Link
https://github.com/CNK2100/VFuzz-public
Third Party Advisory
https://ieeexplore.ieee.org/document/9663293
Broken Link
https://kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://doi.org/10.1109/ACCESS.2021.3138768
Broken Link
https://github.com/CNK2100/VFuzz-public
Third Party Advisory
https://ieeexplore.ieee.org/document/9663293
Broken Link
https://kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:aeotec:zw090-a:3.95:*:*:*:*:*:*:*

cpe:2.3:o:fibaro:fgwpb-111:4.3:*:*:*:*:*:*:*

cpe:2.3:o:zooz:zen20:5.03:*:*:*:*:*:*:*

cpe:2.3:o:zooz:zen25:5.03:*:*:*:*:*:*:*

cpe:2.3:o:zooz:zst10:6.04:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS2

Дефекты

CWE-346

CWE-400

Связанные уязвимости

GHSA-rcjh-h6hv-xwcc