PT-2018-15184 · Kt · Kt Mc01507L Z-Wave S0

Wyp

Published: 2018-12-09

Updated: 2019-02-06

CVE-2018-19982

CVSS v2.0: 2.9 (Low)

Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: KT MC01507L Z-Wave S0 devices (affected versions not specified)

Description: The issue arises due to the lack of HPKP implementation, allowing an attacker on the same network as the target HUB to intercept cleartext communication between the Server and Controller. The attacker can use IP Changer to redirect packets to a proxy-server IP address, enabling them to sniff cleartext commands. By using the proxy server's fake certificate, the attacker can control each Node of the HUB. Additionally, operating the HUB in Z-Wave Pairing Mode allows the attacker to obtain the Z-Wave network key.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2018-19982

Affected Products

Kt Mc01507L Z-Wave S0