Carlos Nkuba

6 exploits Active since Jan 2022
CVE-2020-10137 WRITEUP MEDIUM WRITEUP
Silabs Uzb-7 - Data Authenticity Bypass
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
CVSS 6.5
CVE-2020-9057 WRITEUP HIGH WRITEUP
Linear Wadwaz-1 - Missing Encryption
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.
CVSS 8.8
CVE-2020-9058 WRITEUP HIGH SCANNER
Silicon Labs 500 Series Firmware - Missing Encryption of Sensitive Data
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
CVSS 8.1
CVE-2020-9059 WRITEUP MEDIUM WRITEUP
Silicon Labs 500 Series Firmware - Uncontrolled Resource Consumption via S0 Authentication
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
CVSS 6.5
CVE-2020-9060 WRITEUP MEDIUM WRITEUP
Silicon Labs 500 Series Firmware - Denial of Service via Malformed Z-Wave S2 Messages
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
CVSS 6.5
CVE-2020-9061 WRITEUP MEDIUM SCANNER
Aeotec Zw090-a - Improper Authorization
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
CVSS 6.5