First published: Mon Dec 27 2021(Updated: )
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Silabs 500 Series Firmware | ||
Dome DM501 | =4.26 | |
Jasco ZW4201 | =4.05 | |
Linear LB60Z-1 | =3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9058 is a vulnerability that affects Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including several specific models.
CVE-2020-9058 has a severity score of 8.1, which is considered high.
Z-Wave devices such as the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05 are affected by CVE-2020-9058.
No, Z-Wave devices affected by CVE-2020-9058 do not implement encryption or replay protection.
To mitigate the CVE-2020-9058 vulnerability, it is recommended to apply any firmware updates or patches provided by the manufacturer of the affected Z-Wave devices.