Z-Wave Devices with Silicon Labs 500 Series Chipsets: Lack of Encryption and Replay Protection

Z-Wave Devices with Silicon Labs 500 Series Chipsets: Lack of Encryption and Replay Protection

CVE-2020-9058 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.

Learn more about our Web Application Penetration Testing UK.