Vulnerabilities > CVE-2020-27891 - Unspecified vulnerability in TI Z-Stack 3.0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2020-10-27

Updated: 2021-07-21

Summary

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal().

Vulnerable Configurations

Part	Description	Count
Application	Ti TI Z Stack 3.0.1	1
Hardware	Ti TI Cc2538 -	1

References

https://github.com/zigbeeprotocol/Z-Fuzzer/tree/master/vulnerabilities
https://www.ti.com/tool/Z-STACK