CVE-2020-9060

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
References
Link Resource
https://github.com/CNK2100/VFuzz-public Third Party Advisory
https://kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
https://ieeexplore.ieee.org/document/9663293 Broken Link
https://doi.org/10.1109/ACCESS.2021.3138768 Broken Link
https://www.kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:aeotec:zw090-a:3.95:*:*:*:*:*:*:*
cpe:2.3:o:zooz:zst10:6.04:*:*:*:*:*:*:*
cpe:2.3:o:zooz:zen20:5.03:*:*:*:*:*:*:*
cpe:2.3:o:zooz:zen25:5.03:*:*:*:*:*:*:*
cpe:2.3:o:fibaro:fgwpb-111:4.3:*:*:*:*:*:*:*

Information

Published : 2022-01-10 02:10

Updated : 2022-09-20 05:16


NVD link : CVE-2020-9060

Mitre link : CVE-2020-9060

Products Affected
No products.
CWE