First published: Fri Jan 07 2022
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linear WADWAZ-1 | =3.43 | |
Linear WAPIRZ-1 | =3.43 | |
Silabs 100 Series Firmware | | |
Silabs 200 Series Firmware | | |
Silabs 300 Series Firmware | | |
CVE-2020-9057 is a vulnerability in Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets that do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.
CVE-2020-9057 has a severity rating of 8.8 (high).
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets are affected by CVE-2020-9057.
Because the affected chipsets do not support encryption, an attacker within radio range can also capture and replay Z-Wave traffic.
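To protect against CVE-2020-9057, use devices built on 500 or 700 series chipsets that support Security 2 (S2) encryption. Firmware upgrades cannot directly address the vulnerability on 100, 200, and 300 series chipsets, because it is an issue with the Z-Wave specification for these legacy chipsets.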