Code injection

Z-Wave devices from Sierra Designs circa 2013 and Silicon Labs using S0 security may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic...

CVE-2013-20003

Z-Wave devices from Sierra Designs circa 2013 and Silicon Labs using S0 security may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic...

CVE-2018-19983

CVE-2018-19983 affects Sigma Design Z-Wave devices (S0 through S2). An attacker can perform a DoS by repeatedly sending divided Nonce Get frames (0x98 0x81). In S0, upon receiving a Nonce Get, the node generates and sends a new nonce, then waits; if another Nonce Get arrives, the previous nonce i...

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

The popular home automation protocol Z-Wave, used by millions of IoT devices, is vulnerable to a downgrade attack that could allow an adversary to take control of targeted devices, according to researchers. Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in...