Downgrade Vulnerability in Z-Wave Secure Protocols by Silicon Labs
CVE-2018-25029

8.1HIGH

Key Information:

Vendor: Silicon Labs
Status: Z-wave
Vendor: CVE Published:; 4 February 2022

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2018-25029?

The Z-Wave specification permits a downgrade from the more secure S2 security to the less secure S0 or other weak protocols. This design flaw can be exploited by an attacker within radio range during the pairing process, potentially allowing the attacker to downgrade the device's security. Once this occurs, the attacker may leverage another vulnerability to intercept communications and impersonate legitimate devices, thereby jeopardizing the integrity and security of the smart home ecosystem.

Affected Version(s)

Z-Wave S2

References

https://www.pentestpartners.com/security-blog/z-shave-exp...

x_refsource_MISC

https://community.silabs.com/s/share/a5U1M000000knqNUAQ/u...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Jan 26, 2022