First published: Fri Feb 04 2022(Updated: )
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs Zgm130s037hgn Firmware | =s2 | |
Silabs Zgm130s037hgn | ||
Silabs Zm5202 Firmware | =s2 | |
Silabs Zm5202 | ||
Silabs Zm5101 Firmware | =s2 | |
Silabs Zm5101 | ||
Silabs Zgm2305a27hgn Firmware | =s2 | |
Silabs Zgm2305a27hgn | ||
Silabs Zgm230sb27hgn Firmware | =s2 | |
Silabs Zgm230sb27hgn |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-20003 is a vulnerability in Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) that allows an attacker within radio range to spoof Z-Wave traffic.
CVE-2013-20003 occurs because Z-Wave devices from Sierra Designs and Silicon Labs use a known, shared network key of all zeros, making it possible for an attacker to impersonate Z-Wave traffic.
CVE-2013-20003 has a severity value of 8.3 out of 10, indicating a high severity.
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) are affected by CVE-2013-20003.
To fix CVE-2013-20003, it is recommended to update the firmware of the affected Z-Wave devices to a version that addresses the vulnerability.