{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T04:25:18.482","vulnerabilities":[{"cve":{"id":"CVE-2018-25029","sourceIdentifier":"cret@cert.org","published":"2022-02-04T23:15:09.730","lastModified":"2024-11-21T04:03:23.580","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic."},{"lang":"es","value":"La especificación Z-Wave requiere que la seguridad S2 pueda ser degradada a S0 u otros protocolos menos seguros, permitiendo a un atacante dentro del rango de radio durante el emparejamiento degradar y luego explotar una vulnerabilidad diferente (CVE-2013-20003) para interceptar y falsificar el tráfico"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:N","baseScore":4.8,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-757"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:silabs:zgm130s037hgn_firmware:s2:*:*:*:*:*:*:*","matchCriteriaId":"DAE411D1-DEAB-4251-A7A4-B55492D53AC2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:silabs:zgm130s037hgn:-:*:*:*:*:*:*:*","matchCriteriaId":"57708CEA-8CF3-4FAF-A7D4-8572EE7A7E53"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:silabs:zm5202_firmware:s2:*:*:*:*:*:*:*","matchCriteriaId":"B0F01E96-49C5-4FB6-A549-5B25F04B26DB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:silabs:zm5202:-:*:*:*:*:*:*:*","matchCriteriaId":"64DAB9DC-A25C-4C7B-8A98-D6AAD3DF46CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:silabs:zm5101_firmware:s2:*:*:*:*:*:*:*","matchCriteriaId":"D529D8C9-6882-4631-AE7A-E7EE52CA4E73"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:silabs:zm5101:-:*:*:*:*:*:*:*","matchCriteriaId":"36D7DA65-1F1E-4C1C-A9EB-16F615E5C34A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:silabs:zgm2305a27hgn_firmware:s2:*:*:*:*:*:*:*","matchCriteriaId":"8AC94143-DE93-4179-B4E3-9B684E28A6F0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:silabs:zgm2305a27hgn:-:*:*:*:*:*:*:*","matchCriteriaId":"9A86A154-AD74-4EFB-B94A-15C619683EB4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:silabs:zgm230sb27hgn_firmware:s2:*:*:*:*:*:*:*","matchCriteriaId":"AE07BCD8-452E-43B4-BC8B-30797A3CF830"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:silabs:zgm230sb27hgn:-:*:*:*:*:*:*:*","matchCriteriaId":"5794CE0B-4A2F-439F-A6DF-42A710E35D89"}]}]}],"references":[{"url":"https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}