Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2013-20003
Summary
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
- HIGH
- ADJACENT_NETWORK
- HIGH
- CHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
References
Advisory Timeline
- Published