8.3
CVE-2013-20003
- EPSS 0.14%
- Published 04.02.2022 23:15:09
- Last modified 21.11.2024 01:50:49
- Source cret@cert.org
- Teams watchlist Login
- Open Login
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
Data is provided by the National Vulnerability Database (NVD)
Silabs ≫ Zgm130s037hgn Firmware Versions2
Silabs ≫ Zm5202 Firmware Versions2
Silabs ≫ Zm5101 Firmware Versions2
Silabs ≫ Zgm2305a27hgn Firmware Versions2
Silabs ≫ Zgm230sb27hgn Firmware Versions2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.307 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.3 | 1.6 | 6 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.9 | 5.5 | 10 |
AV:A/AC:M/Au:N/C:C/I:C/A:C
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.