First published: Wed May 23 2018
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Silabs Zgm130s037hgn Firmware | =s2 | |
| Silabs Zgm130s037hgn | | |
| Silabs Zm5202 Firmware | =s2 | |
| Silabs Zm5202 | | |
| Silabs Zm5101 Firmware | =s2 | |
| Silabs Zm5101 | | |
| Silabs Zgm2305a27hgn Firmware | =s2 | |
| Silabs Zgm2305a27hgn | | |
| Silabs Zgm230sb27hgn Firmware | =s2 | |
| Silabs Zgm230sb27hgn | | |
CVE-2018-25029 is a vulnerability in the Z-Wave specification that allows an attacker within radio range to downgrade S2 security to S0 or other less secure protocols.
Because the security level can be downgraded during pairing, CVE-2018-25029 lets an attacker within radio range combine the downgrade with a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
CVE-2018-25029 has a severity rating of 8.1 (High).
Silabs Zgm130s037hgn Firmware (version s2), Silabs Zm5202 Firmware (version s2), Silabs Zm5101 Firmware (version s2), Silabs Zgm2305a27hgn Firmware (version s2), and Silabs Zgm230sb27hgn Firmware (version s2) are affected by CVE-2018-25029.
To fix CVE-2018-25029, it is recommended to update the affected software and firmware to a version that addresses this vulnerability.