PT-2020-16828 · Texas Instruments · Cc2538+1

Published

2020-10-27

Updated

2021-07-21

CVE-2020-27890

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Texas Instruments CC2538 devices with Z-Stack version 3.0.1

Description The issue arises from the improper processing of a ZCL Write Attributes No Response message in the Zigbee protocol implementation. This results in a crash in the zclParseInWriteCmd() function and fails to update the specific attribute's value.

Recommendations For Texas Instruments CC2538 devices with Z-Stack version 3.0.1, consider updating to a newer version of Z-Stack that properly handles ZCL Write Attributes No Response messages to prevent crashes and ensure attribute values are updated correctly. As a temporary workaround, consider restricting the use of ZCL Write Attributes No Response messages until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-27890

Affected Products

Cc2538

Z-Stack

PT-2020-16828 · Texas Instruments · Cc2538+1

CVE-2020-27890

Related Identifiers

Affected Products

References · 4