MidnightBSD

Advisories for aeotec

CVE-2020-9060 MEDIUM

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-400,CWE-400,

Products Affected

Vendor Product Version
silabs 500_series_firmware *
aeotec zw090-a 3.95
zooz zen25 5.03
fibaro fgwpb-111 4.3
zooz zst10 6.04
zooz zen20 5.03
CVE-2020-9061 LOW

Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-285,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
silabs 500_series_firmware *
silabs 700_series_firmware -
aeotec zw090-a 3.95
zooz zst10 6.04
silabs uzb-7 7.00
samsung sth-eth-200 6.04