CVE-2020-9059
Summary
| CVE | CVE-2020-9059 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-10 14:10:00 UTC |
| Updated | 2022-09-20 17:16:00 UTC |
| Description | Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. |
Risk And Classification
Problem Types: CWE-770
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Schlage | Be468 | 3.42 | All | All | All |
| Operating System | Silabs | 500 Series Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VU#142629 - Silicon Labs Z-Wave chipsets contain multiple vulnerabilities | CERT-VN | kb.cert.org | |
| GitHub - CNK2100/VFuzz-public | MISC | github.com | |
| Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home | IEEE Journals & Magazine | IEEE Xplore | MISC | ieeexplore.ieee.org | |
| Riding the IoT Wave with VFuzz: Discovering Security Flaws in Smart Home | IEEE Journals & Magazine | IEEE Xplore | MISC | doi.org | |
| VU#142629 - Silicon Labs Z-Wave chipsets contain multiple vulnerabilities | CERT-VN | www.kb.cert.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
There are currently no legacy QID mappings associated with this CVE.