CVE-2020-9060

MEDIUM

Silabs 500 Series Firmware - Denial of Service

Title source: rule

Description

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

References (5)

[Broken Link] https://doi.org/10.1109/ACCESS.2021.3138768

[Third Party Advisory] https://github.com/CNK2100/VFuzz-public

View Writeup ZIP pw:eip

[Broken Link] https://ieeexplore.ieee.org/document/9663293

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/142629

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/142629

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-346 CWE-400

Status published

Affected Products (6)

silabs/500_series_firmware

aeotec/zw090-a

fibaro/fgwpb-111

zooz/zen20

zooz/zen25

zooz/zst10

Timeline

Published Jan 10, 2022

Tracked Since Feb 18, 2026