8.8
CWE
311
Advisory Published
Updated

CVE-2020-9057

First published: Fri Jan 07 2022(Updated: )

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Credit: cret@cert.org

Affected SoftwareAffected VersionHow to fix
Linear WADWAZ-1=3.43
Linear Wapirz-1=3.43
Silabs 100 Series Firmware
Silabs 200 Series Firmware
Silabs 300 Series Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-9057?

    CVE-2020-9057 is a vulnerability in Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets that do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.

  • What is the severity of CVE-2020-9057?

    CVE-2020-9057 has a severity rating of 8.8 (high).

  • Which Z-Wave devices are affected by CVE-2020-9057?

    Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets are affected by CVE-2020-9057.

  • Can an attacker capture and replay Z-Wave traffic with CVE-2020-9057?

    Yes, an attacker can also capture and replay Z-Wave traffic with CVE-2020-9057.

  • How can I protect my Z-Wave devices from CVE-2020-9057?

    To protect your Z-Wave devices from CVE-2020-9057, it is recommended to apply any available firmware upgrades that address the vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203