Vulnerabilities > CVE-2013-20003 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Silabs products

CVSS 7.9 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

silabs

CWE-338

NVD

Published: 2022-02-04

Updated: 2022-02-09

Summary

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.

Vulnerable Configurations

Part	Description	Count
OS	Silabs Silabs Zgm130S037Hgn Firmware S2 Silabs Zm5202 Firmware S2 Silabs Zm5101 Firmware S2 Silabs Zgm2305A27Hgn Firmware S2 Silabs Zgm230Sb27Hgn Firmware S2	5
Hardware	Silabs Silabs Zgm130S037Hgn - Silabs Zm5202 - Silabs Zm5101 - Silabs Zgm2305A27Hgn - Silabs Zgm230Sb27Hgn -	5

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References