Vulnerabilities > CVE-2020-27892 - Unspecified vulnerability in TI Z-Stack 3.0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2020-10-27

Updated: 2020-11-10

Summary

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message. It crashes in zclParseInDiscCmdsRspCmd().

Vulnerable Configurations

Part	Description	Count
Application	Ti TI Z Stack 3.0.1	1
Hardware	Ti TI Cc2538 -	1

References

https://github.com/zigbeeprotocol/Z-Fuzzer/tree/master/vulnerabilities
https://www.ti.com/tool/Z-STACK