N/A

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

N/A

敏感数据加密缺失

Z-Wave 安全漏洞

Z-Wave是一种主要用于家庭自动化的无线通信协议。它是一种网状网络，使用低耗能无线电波在设备与设备间进行通信，从而无线控制家中电器和其他设备，例如控制照明、安全系统、恒温器、窗户、锁、游泳池和车库门开启器。 Z-Wave 设备存在安全漏洞，该漏洞源于设备不支持加密，这使得在无线电范围内的攻击者能够控制或拒绝为脆弱设备提供服务。攻击者还可以捕获和重放Z-Wave流量

N/A

N/A