CVE-2020-27892

CVE-2020-27892 affects TI CC2538 devices running Z-Stack 3.0.1. The Zigbee protocol stack fails to correctly process ZCL Discover Commands Received/Generated Response messages, causing a crash in zclParseInDiscCmdsRspCmd(). The NVD entry lists CVSS v2/3 base scores of 5.0 (MEDIUM) and 7.5 (HIGH) ...

CVE-2020-27891

CVE-2020-27891 affects TI CC2538 with Z-Stack 3.0.1 where a ZCL Read Reporting Configuration Response is not properly processed, causing a crash in zclHandleExternal(). Public details show CVSS v3.1 base score 7.5 (Network attack, low complexity, no privileges required, availability impact HIGH) ...

CVE-2020-16630

The CVE-2020-16630 entry concerns TI’s BLE stack, where the Long-Term Key (LTK) property is cached and reused for bonded devices. A LTK can be unauthenticated (Just Works) or authenticated (Passkey Entry, Numeric Comparison, or OOB). If a victim mobile securely paired with a TI BLE device generat...

CVE-2020-27890

The vulnerability CVE-2020-27890 affects TI CC2538 devices using Z-Stack 3.0.1, where the Zigbee ZCL Write Attributes No Response message is not processed correctly. The issue causes a crash in zclParseInWriteCmd() and prevents updating the targeted attribute’s value, potentially leaving the attr...