CVE-2020-9057

Name: CVE-2020-9057
Creator: NVD / NIST
Published: 2022-01-10T14:10:16.15+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.41%

Last modified Jun 17, 2026

CVE-2020-9057 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.41%

33.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Linear	Wadwaz-1	3.43
Linear	Wapirz-1	3.43
Silabs	100 Series Firmware	All versions
Silabs	200 Series Firmware	All versions
Silabs	300 Series Firmware	All versions

References

https://doi.org/10.1109/ACCESS.2021.3138768Broken Link
https://github.com/CNK2100/VFuzz-publicThird Party Advisory
https://ieeexplore.ieee.org/document/9663293Broken Link
https://kb.cert.org/vuls/id/142629Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/142629Third Party Advisory, US Government Resource
https://doi.org/10.1109/ACCESS.2021.3138768Broken Link
https://github.com/CNK2100/VFuzz-publicThird Party Advisory
https://ieeexplore.ieee.org/document/9663293Broken Link
https://kb.cert.org/vuls/id/142629Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/142629Third Party Advisory, US Government Resource

Timeline

Published: Jan 10, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-9057?

How severe is CVE-2020-9057?

CVE-2020-9057 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2020-9057?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-9057?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST