What is CVE-2018-25029?

CVE-2018-25029 is a vulnerability in the Z-Wave specification that allows an attacker within radio range to downgrade S2 security to S0 or other less secure protocols.

How does CVE-2018-25029 work?

CVE-2018-25029 allows an attacker within radio range to exploit a different vulnerability (CVE-2013-20003) by downgrading the security level during pairing, which enables them to intercept and spoof traffic.

What is the severity of CVE-2018-25029?

CVE-2018-25029 has a severity rating of 8.1 (High).

Which software and firmware versions are affected by CVE-2018-25029?

Silabs Zgm130s037hgn Firmware (version s2), Silabs Zm5202 Firmware (version s2), Silabs Zm5101 Firmware (version s2), Silabs Zgm2305a27hgn Firmware (version s2), and Silabs Zgm230sb27hgn Firmware (version s2) are affected by CVE-2018-25029.

How can I fix CVE-2018-25029?

To fix CVE-2018-25029, it is recommended to update the affected software and firmware to a version that addresses this vulnerability.

Vulnerability/
CVE-2018-25029

high

8.1

CWE

757

23/5/2018

5/8/2024

CVE-2018-25029

First published: Wed May 23 2018(Updated: )

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Silabs Zgm130s037hgn Firmware	=s2
Silabs Zgm130s037hgn
Silabs Zm5202 Firmware	=s2
Silabs Zm5202
Silabs Zm5101 Firmware	=s2
Silabs Zm5101
Silabs Zgm2305a27hgn Firmware	=s2
Silabs Zgm2305a27hgn
Silabs Zgm230sb27hgn Firmware	=s2
Silabs Zgm230sb27hgn

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-25029?
CVE-2018-25029 is a vulnerability in the Z-Wave specification that allows an attacker within radio range to downgrade S2 security to S0 or other less secure protocols.
How does CVE-2018-25029 work?
CVE-2018-25029 allows an attacker within radio range to exploit a different vulnerability (CVE-2013-20003) by downgrading the security level during pairing, which enables them to intercept and spoof traffic.
What is the severity of CVE-2018-25029?
CVE-2018-25029 has a severity rating of 8.1 (High).
Which software and firmware versions are affected by CVE-2018-25029?
Silabs Zgm130s037hgn Firmware (version s2), Silabs Zm5202 Firmware (version s2), Silabs Zm5101 Firmware (version s2), Silabs Zgm2305a27hgn Firmware (version s2), and Silabs Zgm230sb27hgn Firmware (version s2) are affected by CVE-2018-25029.
How can I fix CVE-2018-25029?
To fix CVE-2018-25029, it is recommended to update the affected software and firmware to a version that addresses this vulnerability.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/silabs
canonical/silabs zgm130s037hgn firmware
version/silabs zgm130s037hgn firmware/s2
canonical/silabs zgm130s037hgn
canonical/silabs zm5202 firmware
version/silabs zm5202 firmware/s2
canonical/silabs zm5202
canonical/silabs zm5101 firmware
version/silabs zm5101 firmware/s2
canonical/silabs zm5101
canonical/silabs zgm2305a27hgn firmware
version/silabs zgm2305a27hgn firmware/s2
canonical/silabs zgm2305a27hgn
canonical/silabs zgm230sb27hgn firmware
version/silabs zgm230sb27hgn firmware/s2
canonical/silabs zgm230sb27hgn

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.