CVE-2020-9058

Summary

CVE	CVE-2020-9058
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-01-10 14:10:00 UTC
Updated	2022-01-18 17:09:00 UTC
Description	Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.

Risk And Classification

Problem Types: CWE-311

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Dome	Dm501	4.26	All	All	All
Operating System	Jasco	Zw4201	4.05	All	All	All
Operating System	Linear	Lb60z-1	3.5	All	All	All
Operating System	Silabs	500 Series Firmware	All	All	All	All

References

Reference	Source	Link	Tags
VU#142629 - Silicon Labs Z-Wave chipsets contain multiple vulnerabilities	CERT-VN	kb.cert.org
GitHub - CNK2100/VFuzz-public	MISC	github.com
Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home \| IEEE Journals & Magazine \| IEEE Xplore	MISC	ieeexplore.ieee.org
Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home \| IEEE Journals & Magazine \| IEEE Xplore	MISC	doi.org
VU#142629 - Silicon Labs Z-Wave chipsets contain multiple vulnerabilities	CERT-VN	www.kb.cert.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee

There are currently no legacy QID mappings associated with this CVE.