CVE-2020-9059

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
References
Link Resource
https://doi.org/10.1109/ACCESS.2021.3138768 Broken Link
https://github.com/CNK2100/VFuzz-public Third Party Advisory
https://ieeexplore.ieee.org/document/9663293 Broken Link
https://kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
https://doi.org/10.1109/ACCESS.2021.3138768 Broken Link
https://github.com/CNK2100/VFuzz-public Third Party Advisory
https://ieeexplore.ieee.org/document/9663293 Broken Link
https://kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/142629 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:o:silabs:500_series_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:schlage:be468:3.42:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () https://doi.org/10.1109/ACCESS.2021.3138768 - Broken Link () https://doi.org/10.1109/ACCESS.2021.3138768 - Broken Link
References () https://github.com/CNK2100/VFuzz-public - Third Party Advisory () https://github.com/CNK2100/VFuzz-public - Third Party Advisory
References () https://ieeexplore.ieee.org/document/9663293 - Broken Link () https://ieeexplore.ieee.org/document/9663293 - Broken Link
References () https://kb.cert.org/vuls/id/142629 - Third Party Advisory, US Government Resource () https://kb.cert.org/vuls/id/142629 - Third Party Advisory, US Government Resource
References () https://www.kb.cert.org/vuls/id/142629 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/142629 - Third Party Advisory, US Government Resource

Information

Published : 2022-01-10 14:10

Updated : 2024-11-21 05:39


NVD link : CVE-2020-9059

Mitre link : CVE-2020-9059

CVE.ORG link : CVE-2020-9059


JSON object : View

Products Affected

silabs

  • 500_series_firmware

schlage

  • be468
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling