CVE-2020-27890
First published: Tue Oct 27 2020(Updated: )
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd() and does not update the specific attribute's value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ti Z-stack | =3.0.1 | |
| Ti Cc2538 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zigbee protocol implementation issue?
The vulnerability ID for this Zigbee protocol implementation issue is CVE-2020-27890.
What is affected by this vulnerability?
This vulnerability affects Texas Instruments CC2538 devices with Z-Stack 3.0.1.
What is the severity rating of CVE-2020-27890?
The severity rating of CVE-2020-27890 is high with a score of 8.2.
How does this vulnerability manifest in the Zigbee protocol implementation?
This vulnerability causes a crash in zclParseInWriteCmd() when processing a ZCL Write Attributes No Response message, failing to update the specific attribute's value.
Is there a fix or patch available for this vulnerability?
There is no information provided regarding a fix or patch for this vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ti
- canonical/ti z-stack
- version/ti z-stack/3.0.1
- canonical/ti cc2538