The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
References
Link | Resource |
---|---|
https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure | Third Party Advisory |
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2018-05-23T00:00:00
Updated: 2022-02-04T22:33:06
Reserved: 2022-01-26T00:00:00
Link: CVE-2018-25029
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-04T23:15:09.730
Modified: 2022-02-09T15:45:48.157
Link: CVE-2018-25029
JSON object: View
Redhat Information
No data.
CWE