PT-2022-9071 · Dome +3 · Dome DM501 +3

Carlos Kayembe Nkuba +3 · Published 2022-01-07 · Updated 2022-01-18 · CVE-2020-9058

CVSS v3.1: 8.1 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Z-Wave devices based on Silicon Labs 500 series chipsets (affected versions not specified)
Linear LB60Z-1 version 3.5
Dome DM501 version 4.26
Jasco ZW4201 version 4.05

Description

The issue concerns Z-Wave devices that do not implement encryption or replay protection, specifically those based on Silicon Labs 500 series chipsets using CRC-16 encapsulation.

Recommendations

For Linear LB60Z-1 version 3.5, consider implementing additional security measures to protect against replay attacks. For Dome DM501 version 4.26, restrict access to sensitive functions until encryption can be implemented. For Jasco ZW4201 version 4.05, avoid using the device for sensitive applications until replay protection is added. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2020-9058

Affected Products

Dome DM501
Jasco ZW4201
Linear LB60Z-1
Silicon Labs 500 Series