all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities

Add to bookmarks
Jan. 7, 2022, 9:54 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are inherent in Z-Wave protocol specifications.


Description


Z-Wave devices based on Silicon Labs chipsets have multiple vulnerabilities. For further details, including specific devices tested, see Riding the IoT Wave With VFuzz: Discovering Security Flaws in Smart Homes.


CVE-2020-9057
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets …

labs silicon silicon labs vulnerabilities

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 6 days, 10 hours ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 1 week ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 2 weeks, 6 days ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 3 weeks, 5 days ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 3 weeks, 6 days ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 2 weeks ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 3 weeks ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 4 weeks ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Operations Program Manager

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Sr. Network Security engineer

@ NXP Semiconductors | Bengaluru (Nagavara)
View on infosec-jobs.com

DevSecOps Engineer

@ RP Pro Services | Washington, District of Columbia, United States
View on infosec-jobs.com

Consultant RSSI H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

TW Senior Test Automation Engineer (Access Control & Intrusion Systems)

@ Bosch Group | Taipei, Taiwan
View on infosec-jobs.com

Cyber Security, Senior Manager

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com
View more jobs