8.1

CVE-2020-9058

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DomeDm501 Version4.26
JascoZw4201 Version4.05
LinearLb60z-1 Version3.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.214
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 4.8 6.5 4.9
AV:A/AC:L/Au:N/C:P/I:P/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://doi.org/10.1109/ACCESS.2021.3138768
Broken Link
https://github.com/CNK2100/VFuzz-public
Third Party Advisory
https://ieeexplore.ieee.org/document/9663293
Broken Link
https://kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/142629
Third Party Advisory
US Government Resource