Severity: 8.1
CWE: 757

CVE-2018-25029

First published: Wed May 23 2018

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.

Credit: cret@cert.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Silabs Zgm130s037hgn Firmware | =s2 | |
| Silabs Zgm130s037hgn | | |
| Silabs Zm5202 Firmware | =s2 | |
| Silabs Zm5202 | | |
| Silabs Zm5101 Firmware | =s2 | |
| Silabs Zm5101 | | |
| Silabs Zgm2305a27hgn Firmware | =s2 | |
| Silabs Zgm2305a27hgn | | |
| Silabs Zgm230sb27hgn Firmware | =s2 | |
| Silabs Zgm230sb27hgn | | |


Frequently Asked Questions

  • What is CVE-2018-25029?

    CVE-2018-25029 is a vulnerability in the Z-Wave specification that allows an attacker within radio range to downgrade S2 security to S0 or other less secure protocols.

  • How does CVE-2018-25029 work?

    CVE-2018-25029 allows an attacker within radio range to exploit a different vulnerability (CVE-2013-20003) by downgrading the security level during pairing, which enables them to intercept and spoof traffic.

  • What is the severity of CVE-2018-25029?

    CVE-2018-25029 has a severity rating of 8.1 (High).

  • Which software and firmware versions are affected by CVE-2018-25029?

    Silabs Zgm130s037hgn Firmware (version s2), Silabs Zm5202 Firmware (version s2), Silabs Zm5101 Firmware (version s2), Silabs Zgm2305a27hgn Firmware (version s2), and Silabs Zgm230sb27hgn Firmware (version s2) are affected by CVE-2018-25029.

  • How can I fix CVE-2018-25029?

    To fix CVE-2018-25029, it is recommended to update the affected software and firmware to a version that addresses this vulnerability.
