PT-2022-9070 · Linear · Linear Wadwaz-1 +1
Carlos Kayembe Nkuba +3 · Published 2022-01-07 · Updated 2022-01-18 · CVE-2020-9057
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets
Linear WADWAZ-1 version 3.43
Linear WAPIRZ-1 version 3.43
Description
The issue affects Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets, which do not support encryption. This allows an attacker within radio range to take control of or cause a denial of service to a vulnerable device. The attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this issue as it is a problem with the Z-Wave specification for these legacy chipsets.
Recommendations
For Linear WADWAZ-1 version 3.43, consider replacing the device with one that uses 500 or 700 series chipsets that support Security 2 (S2) encryption.
For Linear WAPIRZ-1 version 3.43, consider replacing the device with one that uses 500 or 700 series chipsets that support Security 2 (S2) encryption.
For Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets, consider upgrading to devices that use 500 or 700 series chipsets that support Security 2 (S2) encryption.
Weakness Enumeration
Missing Encryption of Sensitive Data
Affected Products
Linear Wadwaz-1
Linear Wapirz-1