CVE-2020-27890

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd and does not update the specific attribute's value...

CVE-2020-27890

The vulnerability CVE-2020-27890 affects TI CC2538 devices using Z-Stack 3.0.1, where the Zigbee ZCL Write Attributes No Response message is not processed correctly. The issue causes a crash in zclParseInWriteCmd() and prevents updating the targeted attribute’s value, potentially leaving the attr...

CVE-2020-27891

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal...

CVE-2020-27891

CVE-2020-27891 affects TI CC2538 with Z-Stack 3.0.1 where a ZCL Read Reporting Configuration Response is not properly processed, causing a crash in zclHandleExternal(). Public details show CVSS v3.1 base score 7.5 (Network attack, low complexity, no privileges required, availability impact HIGH) ...

CVE-2020-27892

CVE-2020-27892 affects TI CC2538 devices running Z-Stack 3.0.1. The Zigbee protocol stack fails to correctly process ZCL Discover Commands Received/Generated Response messages, causing a crash in zclParseInDiscCmdsRspCmd(). The NVD entry lists CVSS v2/3 base scores of 5.0 (MEDIUM) and 7.5 (HIGH) ...

CVE-2020-27892

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message. It crashes in zclParseInDiscCmdsRspCmd...

IoTMap - Research Project On Heterogeneous IoT Protocols Modelling

IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as a part of a PhD thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocol as this time : BLE, ZigB...

CVE-2017-18868

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built...

Input validation

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built...

CVE-2017-18868

CVE-2017-18868 relates to Digi XBee 2 devices, where the network stack underpinning ZigBee enables an attacker to issue remote AT commands due to an ineffective protection mechanism. The vulnerability can impact integrity and availability (I: Partial, A: Partial) with no confidentiality impact de...

CVE-2017-18868

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built...

Schneider Electric ZigBee Installation Toolkit Code Issue Vulnerability

Schneider Electric ZigBee Installation Toolkit is an installation toolkit software for the ZigBee wireless network protocol from Schneider Electric France. A code issue vulnerability exists in versions of Schneider Electric ZigBee Installation Toolkit prior to 1.0.1. The vulnerability can be...

CVE-2020-7476

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...

CVE-2020-7476

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...

Design/Logic Flaw

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...

CVE-2020-7476

The CVE-2020-7476 entry affects Schneider Electric ZigBee Installation Kit prior to version 1.0.1, with a CWE-426 Untrusted Search Path issue that could lead to execution of malicious code if a attacker-provided file is placed in the search path. Root cause: untrusted search path. Impact is shell...

CVE-2020-7476

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...

CVE-2019-20480

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...

CVE-2019-20481

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480...

CVE-2019-20480

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection...