CVE Vulnerability

CVE-2020-9060

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

6.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/CNK2100/VFuzz-public Third Party Advisory
https://kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
https://ieeexplore.ieee.org/document/9663293 Broken Link
https://doi.org/10.1109/ACCESS.2021.3138768 Broken Link
https://www.kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:aeotec:zw090-a:3.95:*:*:*:*:*:*:*
cpe:2.3:o:zooz:zst10:6.04:*:*:*:*:*:*:*
cpe:2.3:o:zooz:zen20:5.03:*:*:*:*:*:*:*
cpe:2.3:o:zooz:zen25:5.03:*:*:*:*:*:*:*
cpe:2.3:o:fibaro:fgwpb-111:4.3:*:*:*:*:*:*:*
Information

Published : 2022-01-10 02:10

Updated : 2022-09-20 05:16

NVD link : CVE-2020-9060

Mitre link : CVE-2020-9060

Products Affected
No products.
CWE
CWE-400