CVE-2020-9058

HIGH

Silabs 500 Series Firmware - Missing Encryption

Title source: rule

Description

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.

References (5)

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/142629

[Broken Link] https://ieeexplore.ieee.org/document/9663293

[Third Party Advisory] https://github.com/CNK2100/VFuzz-public

View Writeup ZIP pw:eip

[Broken Link] https://doi.org/10.1109/ACCESS.2021.3138768

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/142629

Scores

CVSS v3 8.1

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-311

Status published

Products (4)

dome/dm501 4.26

jasco/zw4201 4.05

linear/lb60z-1 3.5

silabs/500_series_firmware

Published Jan 10, 2022

Tracked Since Feb 18, 2026