CVE-2020-9058

8.1 HIGH

📋 TL;DR

This CVE describes a vulnerability in Z-Wave devices using Silicon Labs 500 series chipsets that lack encryption and replay protection. Attackers can intercept and manipulate unencrypted Z-Wave communications, affecting smart home and IoT devices from manufacturers like Linear, Dome, and Jasco.

💻 Affected Systems

Products:
  • Linear LB60Z-1
  • Dome DM501
  • Jasco ZW4201
  • Other Z-Wave devices using Silicon Labs 500 series chipsets
Versions: Linear LB60Z-1 v3.5, Dome DM501 v4.26, Jasco ZW4201 v4.05
Operating Systems: Not applicable - embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using CRC-16 encapsulation without encryption implementation. Likely impacts many Z-Wave 500 series devices beyond those specifically listed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Z-Wave network allowing attackers to control all connected devices (lights, locks, sensors), create false sensor readings, or disable security systems.

🟠 Likely Case

Unauthorized control of individual devices, privacy invasion through monitoring of device states, and potential physical security bypass.

🟢 If Mitigated

Limited impact if devices are isolated from untrusted networks and physical access is restricted, though inherent protocol weaknesses remain.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires proximity to Z-Wave network (typically ~100m range). Tools like VFuzz-public demonstrate practical exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.kb.cert.org/vuls/id/142629

Restart Required: No

Instructions:

No official patch exists. Contact device manufacturers for firmware updates if available. Consider replacing affected devices with newer Z-Wave 700/800 series devices that support S2 security.

🔧 Temporary Workarounds

Network Segmentation

Isolate Z-Wave controller and devices on separate network segment

Physical Security Controls

Restrict physical access to Z-Wave network range (~100m)

🧯 If You Can't Patch

  • Replace affected devices with Z-Wave 700/800 series devices supporting S2 security
  • Implement additional physical security layers (cameras, alarms) to detect unauthorized access

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version against affected list. Use Z-Wave sniffer to confirm lack of encryption in communications.

Check Version:

Check device labeling or manufacturer documentation for firmware version

Verify Fix Applied:

Verify device replacement with Z-Wave 700/800 series or monitor for encrypted S2 security handshake.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Z-Wave device activations
  • Device state changes without user interaction
  • Failed authentication attempts if logging enabled

Network Indicators:

  • Unencrypted Z-Wave traffic at 908.42 MHz
  • Replayed Z-Wave command sequences
  • Unusual command patterns
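
An added example (not from the advisory or any vendor tool) for the sniffer check and the replay indicator above: it labels sniffed application payloads by their outermost command class and lists byte-identical cleartext repeats per link. The record format, node IDs and sample frames are assumptions constructed for illustration; 0x56, 0x98 and 0x9F are the Z-Wave CRC-16 Encapsulation, Security (S0) and Security 2 command classes.

```python
from collections import Counter, defaultdict

# Z-Wave command class IDs (first byte of the application payload).
CC_CRC16_ENCAP = 0x56  # checksum wrapper only: no encryption, no replay protection
CC_SECURITY_S0 = 0x98
CC_SECURITY_S2 = 0x9F
CLEAR = ("cleartext", "crc16-cleartext")

def classify(payload: bytes) -> str:
    """Label one application payload by its outermost command class."""
    if not payload:
        return "empty"
    return {CC_SECURITY_S2: "s2", CC_SECURITY_S0: "s0",
            CC_CRC16_ENCAP: "crc16-cleartext"}.get(payload[0], "cleartext")

def audit(records):
    """records: (timestamp_s, src_node, dst_node, payload_hex) tuples,
    an assumed sniffer export format. Returns (label counts per link,
    links carrying cleartext, byte-identical cleartext repeats as
    (first_ts, repeat_ts, src, dst, payload_hex))."""
    per_link = defaultdict(Counter)
    first_seen, repeats = {}, []
    for ts, src, dst, payload_hex in records:
        payload = bytes.fromhex(payload_hex)
        kind = classify(payload)
        per_link[(src, dst)][kind] += 1
        if kind in CLEAR:
            key = (src, dst, payload)
            if key in first_seen:
                repeats.append((first_seen[key], ts, src, dst, payload_hex))
            else:
                first_seen[key] = ts
    exposed = sorted(l for l, c in per_link.items() if any(c[k] for k in CLEAR))
    return dict(per_link), exposed, repeats

# Constructed sample capture (not real traffic). Node IDs are made up and
# the bytes after the first one in each wrapped payload are filler.
SAMPLE = [
    (10.0, 1, 5, "2501ff"),          # Switch Binary Set sent in the clear
    (12.5, 1, 7, "5601aabbccdd"),    # CRC-16 Encap wrapper, filler body
    (30.0, 1, 9, "9f03aabbccddee"),  # Security 2 encapsulation, filler body
    (95.0, 1, 5, "2501ff"),          # byte-identical repeat of the first frame
]

if __name__ == "__main__":
    counts, exposed, repeats = audit(SAMPLE)
    print("links carrying cleartext:", exposed)
    for first, again, src, dst, hx in repeats:
        print(f"repeat {src}->{dst} {hx}: first {first}s, again {again}s")
```

A repeat is a lead, not proof: without replay protection a replayed frame is byte-identical to a legitimate one, so correlate repeats with known user activity.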

SIEM Query:

Not applicable - Z-Wave uses RF not IP networking
