PT-2025-16370 · Ksix · Ksix Zigbee Smart Home Kit
Published: 2025-04-15 · Updated: 2025-04-15 · CVE-2021-27289
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ksix Zigbee smart home kit versions v1.0.3 through v1.0.12
Description
A replay attack issue was discovered in the Zigbee smart home kit, where the anti-replay mechanism based on the frame counter field is improperly implemented. This allows an attacker within wireless range to resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages, enabling spoofed commands to be injected without authentication and triggering false alerts.
Recommendations
For version v1.0.3, update the Zigbee Gateway Module to a version with a properly implemented anti-replay mechanism.
For version v1.0.7, update the Door Sensor to a version with a properly implemented anti-replay mechanism.
For version v1.0.12, update the Motion Sensor to a version with a properly implemented anti-replay mechanism.
As a temporary workaround, consider restricting access to the Zigbee network to minimize the risk of exploitation.
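What a correctly enforced frame-counter check looks like in principle, as an added example that is not Ksix firmware or code from this advisory: the receiver authenticates the counter together with the payload, then requires it to be strictly greater than the last value accepted from that source. HMAC-SHA256 stands in for Zigbee's AES-CCM* MIC, and the frame layout, key, addresses and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HDR_LEN = 6   # assumed layout: 2-byte source address + 4-byte frame counter
MIC_LEN = 4   # constructed MIC length for this example

def _mic(key: bytes, header: bytes, payload: bytes) -> bytes:
    # The integrity tag covers the header, so the counter cannot be edited alone.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:MIC_LEN]

def build_frame(key: bytes, src: int, counter: int, payload: bytes) -> bytes:
    """Sender side: header + payload + MIC over both."""
    header = struct.pack("<HI", src, counter)
    return header + payload + _mic(key, header, payload)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # highest accepted counter per source address

    def accept(self, frame: bytes) -> bool:
        if len(frame) < HDR_LEN + MIC_LEN:
            return False
        header = frame[:HDR_LEN]
        payload, mic = frame[HDR_LEN:-MIC_LEN], frame[-MIC_LEN:]
        # 1. Authenticate first: an unauthenticated counter proves nothing.
        if not hmac.compare_digest(mic, _mic(self.key, header, payload)):
            return False
        src, counter = struct.unpack("<HI", header)
        # 2. Freshness: strictly greater than the last accepted counter.
        if counter <= self.last_counter.get(src, -1):
            return False
        self.last_counter[src] = counter  # update only after both checks pass
        return True

def demo():
    """Regression cases on constructed frames; returns the four verdicts."""
    key = b"constructed-demo-key"
    rx = Receiver(key)
    frame = build_frame(key, 0x1A2B, 7, b"door=open")
    first = rx.accept(frame)                       # legitimate frame
    replay = rx.accept(frame)                      # same frame seen again
    rewritten = frame[:2] + struct.pack("<I", 8) + frame[HDR_LEN:]
    bumped = rx.accept(rewritten)                  # counter changed, old MIC
    fresh = rx.accept(build_frame(key, 0x1A2B, 8, b"door=closed"))
    return first, replay, bumped, fresh
```

On a real device the last accepted counters also have to survive a reboot, otherwise previously seen frames become acceptable again.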
Affected Products
Ksix Zigbee Smart Home Kit