Vulnerabilities > CVE-2020-27890 - Unspecified vulnerability in TI Z-Stack 3.0.1

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

NVD

Published: 2020-10-27

Updated: 2021-07-21

Summary

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd() and does not update the specific attribute's value.

Vulnerable Configurations

Part	Description	Count
Application	Ti TI Z Stack 3.0.1	1
Hardware	Ti TI Cc2538 -	1

References

https://github.com/zigbeeprotocol/Z-Fuzzer/tree/master/vulnerabilities
https://www.ti.com/tool/Z-STACK