PT-2022-7730 · Z-Wave · Z-Wave

Published

2022-02-04

Updated

2022-02-09

CVE-2013-20003

CVSS v2.0

7.9

High

Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security)

Description The issue affects Z-Wave devices, allowing an attacker within radio range to spoof traffic due to the use of a known, shared network key of all zeros. This enables potential manipulation of the devices.

Recommendations For Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security), consider changing the network key to a unique, non-zero value to prevent spoofing. As a temporary workaround, restrict access to the devices to minimize the risk of exploitation.

Exploit

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327CWE-338

Related Identifiers

CVE-2013-20003

Affected Products

Z-Wave

PT-2022-7730 · Z-Wave · Z-Wave

CVE-2013-20003

Weakness Enumeration

Related Identifiers

Affected Products

References · 5