What is CVE-2020-9057?

CVE-2020-9057 is a vulnerability in Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets that do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.

What is the severity of CVE-2020-9057?

CVE-2020-9057 has a severity rating of 8.8 (high).

Which Z-Wave devices are affected by CVE-2020-9057?

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets are affected by CVE-2020-9057.

Can an attacker capture and replay Z-Wave traffic with CVE-2020-9057?

Yes, an attacker can also capture and replay Z-Wave traffic with CVE-2020-9057.

How can I protect my Z-Wave devices from CVE-2020-9057?

To protect your Z-Wave devices from CVE-2020-9057, it is recommended to apply any available firmware upgrades that address the vulnerability.

Vulnerability/
CVE-2020-9057

high

8.8

CWE

311

7/1/2022

16/9/2024

CVE-2020-9057

First published: Fri Jan 07 2022(Updated: )

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Linear WADWAZ-1	=3.43
Linear Wapirz-1	=3.43
Silabs 100 Series Firmware
Silabs 200 Series Firmware
Silabs 300 Series Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-9057?
CVE-2020-9057 is a vulnerability in Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets that do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.
What is the severity of CVE-2020-9057?
CVE-2020-9057 has a severity rating of 8.8 (high).
Which Z-Wave devices are affected by CVE-2020-9057?
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets are affected by CVE-2020-9057.
Can an attacker capture and replay Z-Wave traffic with CVE-2020-9057?
Yes, an attacker can also capture and replay Z-Wave traffic with CVE-2020-9057.
How can I protect my Z-Wave devices from CVE-2020-9057?
To protect your Z-Wave devices from CVE-2020-9057, it is recommended to apply any available firmware upgrades that address the vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/linear
canonical/linear wadwaz-1
version/linear wadwaz-1/3.43
canonical/linear wapirz-1
version/linear wapirz-1/3.43
vendor/silabs
canonical/silabs 100 series firmware
canonical/silabs 200 series firmware
canonical/silabs 300 series firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.