Vulnerabilities > CVE-2018-25029 - Unspecified vulnerability in Silabs products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE low complexity
silabs
Summary
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 | |
| Hardware | 5 |
References
- https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure
- https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure
- https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
- https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/