CVE-2013-20003

Summary

CVE	CVE-2013-20003
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-04 23:15:00 UTC
Updated	2022-02-09 15:41:00 UTC
Description	Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

Risk And Classification

Problem Types: CWE-338

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Silabs	Zgm130s037hgn	-	All	All	All
Operating System	Silabs	Zgm130s037hgn Firmware	s2	All	All	All
Hardware	Silabs	Zgm2305a27hgn	-	All	All	All
Operating System	Silabs	Zgm2305a27hgn Firmware	s2	All	All	All
Hardware	Silabs	Zgm230sb27hgn	-	All	All	All
Operating System	Silabs	Zgm230sb27hgn Firmware	s2	All	All	All
Hardware	Silabs	Zm5101	-	All	All	All
Operating System	Silabs	Zm5101 Firmware	s2	All	All	All
Hardware	Silabs	Zm5202	-	All	All	All
Operating System	Silabs	Zm5202 Firmware	s2	All	All	All

References

Reference	Source	Link	Tags
sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation...	MISC	sensepost.com
Z-Shave. Exploiting Z-Wave downgrade attacks \| Pen Test Partners	MISC	www.pentestpartners.com
BlackHat Conference: Z-Wave Security	MISC	orangecyberdefense.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.