Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for 500 series by Silicon Labs

    CVE-2020-9061 (GCVE-0-2020-9061)

    Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-17 03:28
    VLAI
    Summary
    Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZST10",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "700 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "UZB-7",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.00"
                }
              ]
            },
            {
              "product": "STH-ETH-200",
              "vendor": "Samsung",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                }
              ]
            },
            {
              "product": "ZW090-A",
              "vendor": "Aeon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.95"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:16.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9061",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZST10",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZooZ"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "700 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "UZB-7",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STH-ETH-200",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZW090-A",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.95"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Aeon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9061",
        "datePublished": "2022-01-07T04:30:29.498Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:48.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9060 (GCVE-0-2020-9060)

    Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
    Severity
    No CVSS data available.
    CWE
    • CWE-346 - Origin Validation Error
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZEN25",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.03"
                }
              ]
            },
            {
              "product": "ZEN20",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.03"
                }
              ]
            },
            {
              "product": "ZST10",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                }
              ]
            },
            {
              "product": "FGWPB-111",
              "vendor": "Fibaro",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ZW090-A",
              "vendor": "Aeon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.95"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:11.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9060",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZEN25",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "5.03"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ZEN20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "5.03"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ZST10",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZooZ"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FGWPB-111",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fibaro"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZW090-A",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.95"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Aeon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-346 Origin Validation Error"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9060",
        "datePublished": "2022-01-07T04:30:28.026Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:05.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9059 (GCVE-0-2020-9059)

    Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25
    VLAI
    Summary
    Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BE468",
              "vendor": "Schlage",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.42"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:13.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9059",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BE468",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.42"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schlage"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9059",
        "datePublished": "2022-01-07T04:30:26.522Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:25:18.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9058 (GCVE-0-2020-9058)

    Vulnerability from nvd – Published: 2022-01-07 04:30 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
    Severity
    No CVSS data available.
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LB60Z-1",
              "vendor": "Linear",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5"
                }
              ]
            },
            {
              "product": "DM501",
              "vendor": "Dome",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.26"
                }
              ]
            },
            {
              "product": "ZW4201",
              "vendor": "Jasco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.05"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:18.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9058",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LB60Z-1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linear"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DM501",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "4.26"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dome"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZW4201",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "4.05"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jasco"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-311 Missing Encryption of Sensitive Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9058",
        "datePublished": "2022-01-07T04:30:25.088Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:50.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9061 (GCVE-0-2020-9061)

    Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-17 03:28
    VLAI
    Summary
    Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.812Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZST10",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "700 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "UZB-7",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.00"
                }
              ]
            },
            {
              "product": "STH-ETH-200",
              "vendor": "Samsung",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                }
              ]
            },
            {
              "product": "ZW090-A",
              "vendor": "Aeon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.95"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:16.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9061",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZST10",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZooZ"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "700 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "UZB-7",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "7.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STH-ETH-200",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZW090-A",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.95"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Aeon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9061",
        "datePublished": "2022-01-07T04:30:29.498Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:28:48.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9060 (GCVE-0-2020-9060)

    Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
    Severity
    No CVSS data available.
    CWE
    • CWE-346 - Origin Validation Error
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.795Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZEN25",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.03"
                }
              ]
            },
            {
              "product": "ZEN20",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.03"
                }
              ]
            },
            {
              "product": "ZST10",
              "vendor": "ZooZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                }
              ]
            },
            {
              "product": "FGWPB-111",
              "vendor": "Fibaro",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "ZW090-A",
              "vendor": "Aeon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.95"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:11.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9060",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZEN25",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "5.03"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ZEN20",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "5.03"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "ZST10",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZooZ"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FGWPB-111",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Fibaro"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZW090-A",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.95"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Aeon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-346 Origin Validation Error"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9060",
        "datePublished": "2022-01-07T04:30:28.026Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:05.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9059 (GCVE-0-2020-9059)

    Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 19:25
    VLAI
    Summary
    Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BE468",
              "vendor": "Schlage",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.42"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:13.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9059",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BE468",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.42"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schlage"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400 Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9059",
        "datePublished": "2022-01-07T04:30:26.522Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:25:18.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9058 (GCVE-0-2020-9058)

    Vulnerability from cvelistv5 – Published: 2022-01-07 04:30 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
    Severity
    No CVSS data available.
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    References
    URL Tags
    https://kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    https://ieeexplore.ieee.org/document/9663293 x_refsource_MISC
    https://github.com/CNK2100/VFuzz-public x_refsource_MISC
    https://doi.org/10.1109/ACCESS.2021.3138768 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/142629 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2021-12-27 00:00
    Credits
    Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:19:19.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/142629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ieeexplore.ieee.org/document/9663293"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/CNK2100/VFuzz-public"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
              },
              {
                "name": "VU#142629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/142629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LB60Z-1",
              "vendor": "Linear",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.5"
                }
              ]
            },
            {
              "product": "DM501",
              "vendor": "Dome",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.26"
                }
              ]
            },
            {
              "product": "ZW4201",
              "vendor": "Jasco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.05"
                }
              ]
            },
            {
              "product": "500 series",
              "vendor": "Silicon Labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
            }
          ],
          "datePublic": "2021-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "CWE-311 Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-07T23:06:18.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://kb.cert.org/vuls/id/142629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ieeexplore.ieee.org/document/9663293"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/CNK2100/VFuzz-public"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
            },
            {
              "name": "VU#142629",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/142629"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2021-12-27T05:00:00.000Z",
              "ID": "CVE-2020-9058",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LB60Z-1",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Linear"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DM501",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "4.26"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dome"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZW4201",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "4.05"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jasco"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "500 series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Silicon Labs"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-311 Missing Encryption of Sensitive Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://kb.cert.org/vuls/id/142629",
                  "refsource": "CERT-VN",
                  "url": "https://kb.cert.org/vuls/id/142629"
                },
                {
                  "name": "https://ieeexplore.ieee.org/document/9663293",
                  "refsource": "MISC",
                  "url": "https://ieeexplore.ieee.org/document/9663293"
                },
                {
                  "name": "https://github.com/CNK2100/VFuzz-public",
                  "refsource": "MISC",
                  "url": "https://github.com/CNK2100/VFuzz-public"
                },
                {
                  "name": "https://doi.org/10.1109/ACCESS.2021.3138768",
                  "refsource": "MISC",
                  "url": "https://doi.org/10.1109/ACCESS.2021.3138768"
                },
                {
                  "name": "VU#142629",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/142629"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2020-9058",
        "datePublished": "2022-01-07T04:30:25.088Z",
        "dateReserved": "2020-02-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:50.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }