HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2018-25029

CVSS 8.1v3.1pub. 2022-02-04upd. 2024-11-21

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Silabs Zgm130s037hgn

    HW
    Silabs
    wszystkie wersje
  • Silabs Zgm130s037hgn Firmware

    OS
    Silabs
    s2
  • Silabs Zgm2305a27hgn

    HW
    Silabs
    wszystkie wersje
  • Silabs Zgm2305a27hgn Firmware

    OS
    Silabs
    s2
  • Silabs Zgm230sb27hgn

    HW
    Silabs
    wszystkie wersje
  • Silabs Zgm230sb27hgn Firmware

    OS
    Silabs
    s2
  • Silabs Zm5101

    HW
    Silabs
    wszystkie wersje
  • Silabs Zm5101 Firmware

    OS
    Silabs
    s2
  • Silabs Zm5202

    HW
    Silabs
    wszystkie wersje
  • Silabs Zm5202 Firmware

    OS
    Silabs
    s2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-50920HIGH8.8ten sam produkt

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fa...

CVE-2024-50930HIGH8.8ten sam produkt

An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.

CVE-2013-20003HIGH8.3ten sam produkt

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared n...

CVE-2024-50928MEDIUM6.5ten sam produkt

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the ...

CVE-2024-50929MEDIUM6.2ten sam produkt

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily...