{"containers": {"cna": {"affected": [{"product": "LB60Z-1", "vendor": "Linear", "versions": [{"status": "affected", "version": "3.5"}]}, {"product": "DM501", "vendor": "Dome", "versions": [{"status": "affected", "version": "4.26"}]}, {"product": "ZW4201", "vendor": "Jasco", "versions": [{"status": "affected", "version": "4.05"}]}, {"product": "500 series", "vendor": "Silicon Labs", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"}], "datePublic": "2021-12-27T00:00:00", "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-07T23:06:18", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://kb.cert.org/vuls/id/142629"}, {"tags": ["x_refsource_MISC"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"tags": ["x_refsource_MISC"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/142629"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2021-12-27T05:00:00.000Z", "ID": "CVE-2020-9058", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LB60Z-1", "version": {"version_data": [{"version_affected": "=", "version_value": "3.5"}]}}]}, "vendor_name": "Linear"}, {"product": {"product_data": [{"product_name": "DM501", "version": {"version_data": [{"version_affected": "=", "version_value": "4.26"}]}}]}, "vendor_name": "Dome"}, {"product": {"product_data": [{"product_name": "ZW4201", "version": {"version_data": [{"version_affected": "=", "version_value": "4.05"}]}}]}, "vendor_name": "Jasco"}, {"product": {"product_data": [{"product_name": "500 series", "version": {"version_data": [{"version_affected": "=", "version_value": "all"}]}}]}, "vendor_name": "Silicon Labs"}]}}, "credit": [{"lang": "eng", "value": "Carlos Nkuba Kayembe, Kim Seulbae, Sven Dietrich, and Heejo Lee"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-311 Missing Encryption of Sensitive Data"}]}]}, "references": {"reference_data": [{"name": "https://kb.cert.org/vuls/id/142629", "refsource": "CERT-VN", "url": "https://kb.cert.org/vuls/id/142629"}, {"name": "https://ieeexplore.ieee.org/document/9663293", "refsource": "MISC", "url": "https://ieeexplore.ieee.org/document/9663293"}, {"name": "https://github.com/CNK2100/VFuzz-public", "refsource": "MISC", "url": "https://github.com/CNK2100/VFuzz-public"}, {"name": "https://doi.org/10.1109/ACCESS.2021.3138768", "refsource": "MISC", "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/142629"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:19.970Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://kb.cert.org/vuls/id/142629"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"name": "VU#142629", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/142629"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2020-9058", "datePublished": "2022-01-07T04:30:25.088470Z", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-09-16T23:41:50.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92760285-A1DD-4569-AD71-834BBF2D9E64", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dome:dm501:4.26:*:*:*:*:*:*:*", "matchCriteriaId": "FB98AB76-E79B-4B2C-B660-BB76CAF1F270", "vulnerable": true}, {"criteria": "cpe:2.3:o:jasco:zw4201:4.05:*:*:*:*:*:*:*", "matchCriteriaId": "C9733CB5-0006-46B8-83F4-26539032BDAD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linear:lb60z-1:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F3546F0-395D-4B57-B15D-E55062B72A22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection."}, {"lang": "es", "value": "Los dispositivos Z-Wave basados en los conjuntos de chips de la serie 500 de Silicon Labs que usan encapsulaci\u00f3n CRC-16, incluidos, entre otros, el Linear LB60Z-1 versi\u00f3n 3.5, el Dome DM501 versi\u00f3n 4.26 y el Jasco ZW4201 versi\u00f3n 4.05, no implementan el cifrado ni la protecci\u00f3n contra repeticiones"}], "id": "CVE-2020-9058", "lastModified": "2024-11-21T05:39:55.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:10:16.227", "references": [{"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/142629"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/142629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://doi.org/10.1109/ACCESS.2021.3138768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/CNK2100/VFuzz-public"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://ieeexplore.ieee.org/document/9663293"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/142629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/142629"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}