Cyber Resilience

CVE-2018-25029

Severity: High · Public PoC

Published: 04 February 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: (no entry)
CVSS Score (v3.1): 8.1 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0009 (26.1st percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-25029 is a high-severity Algorithm Downgrade (CWE-757) vulnerability in Silicon Labs Z-Wave firmware (the ZGM130S037HGN and the related products listed under Affected Assets). Its CVSS v3.1 base score is 8.1 (High); the adjacent-network attack vector (AV:A) reflects that the attacker must be within radio range.

Operationally, EPSS places it at the 26.1st percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced. The EPSS figure estimates the probability of observed exploitation in the wild over the next 30 days; it says nothing about feasibility for an attacker who is already within radio range of a pairing event, which is the scenario the CVSS vector describes.

EU & UK References

Vulnerability details

The Z-Wave specification requires that an S2-capable device be able to fall back to S0 (or another less secure scheme) during inclusion. An attacker within radio range during pairing can force that downgrade and then exploit a different vulnerability (CVE-2013-20003, in which the S0 network-key exchange relies on a known key of all zeros) to recover the network key and intercept and spoof traffic. The exposure is confined to the inclusion (pairing) window: the weak negotiation is what lets the attacker choose the security class, and S0 offers no later check that would reveal the downgrade.
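The mechanics of a CWE-757 negotiation weakness and the controller-side checks that blunt it are easier to see in code. The following is an added Python model written for this page; it is not Silicon Labs code and the dicts below are constructed stand-ins, not real Z-Wave KEX frames. Class names such as S2_AUTHENTICATED, the `supported` field, and the `s2_proven` flag (standing for out-of-band proof of S2 capability, such as the user having scanned the device's DSK/QR code) are assumptions for illustration.

```python
"""Simplified model of an unauthenticated security-class negotiation at
inclusion (pairing) time. Added example for this page, not vendor code; the
'reports' are constructed stand-ins, not real Z-Wave KEX frames."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Security classes ordered weakest to strongest. S0 is the legacy scheme whose
# network-key exchange uses a known key (the weakness tracked as CVE-2013-20003).
CLASS_RANK = {"S0": 0, "S2_UNAUTHENTICATED": 1, "S2_AUTHENTICATED": 2, "S2_ACCESS_CONTROL": 3}


@dataclass
class InclusionResult:
    granted: Optional[str]                      # class granted, or None if inclusion aborted
    alerts: List[str] = field(default_factory=list)  # what the controller would show the user


def strongest(report: Dict[str, List[str]]) -> str:
    """Best class the capability report claims to support."""
    return max(report["supported"], key=CLASS_RANK.__getitem__)


def attacker_rewrite(report: Dict[str, List[str]], keep=("S0",)) -> Dict[str, List[str]]:
    """Attacker in radio range: suppress the genuine capability report and
    substitute one advertising only the weaker class(es) in `keep`.
    Nothing authenticates the report, so the controller cannot tell."""
    return {"supported": [c for c in report["supported"] if c in keep]}


def include_permissive(report: Dict[str, List[str]]) -> InclusionResult:
    """Vulnerable controller: grants the best class the report claims, with no
    floor and no cross-check, so a rewritten report is honoured silently."""
    return InclusionResult(granted=strongest(report))


def include_hardened(report: Dict[str, List[str]], min_class: str = "S2_UNAUTHENTICATED",
                     s2_proven: bool = False) -> InclusionResult:
    """Hardened controller policy:
    - if the user proved S2 capability out of band (assumed `s2_proven`, e.g. a
      scanned DSK/QR code), treat an S0-only offer as a downgrade attempt and abort;
    - otherwise abort if the best offered class is below the configured floor."""
    best = strongest(report)
    result = InclusionResult(granted=None)
    if s2_proven and CLASS_RANK[best] < CLASS_RANK["S2_UNAUTHENTICATED"]:
        result.alerts.append(f"downgrade suspected: device is S2-capable but offered only {best}")
        return result
    if CLASS_RANK[best] < CLASS_RANK[min_class]:
        result.alerts.append(f"offered {best} is below policy floor {min_class}; inclusion refused")
        return result
    result.granted = best
    return result


# Constructed genuine report: an S2-capable device that also lists S0 for compatibility.
GENUINE_REPORT = {"supported": ["S0", "S2_AUTHENTICATED"]}


def run_scenarios() -> dict:
    """Outcome of each controller policy against the genuine and the rewritten report."""
    spoofed = attacker_rewrite(GENUINE_REPORT)
    return {
        "permissive_genuine": include_permissive(GENUINE_REPORT).granted,
        "permissive_spoofed": include_permissive(spoofed).granted,
        "hardened_floor_spoofed": include_hardened(spoofed),
        "hardened_dsk_spoofed": include_hardened(spoofed, min_class="S0", s2_proven=True),
        "hardened_noop_spoofed": include_hardened(spoofed, min_class="S0"),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, "->", outcome)
```

The last scenario is the caveat: a "hardened" controller whose floor is S0 and which has no out-of-band knowledge of the device behaves exactly like the permissive one, because the only signal it has is the attacker-controlled report. The defence has to come from information the attacker cannot rewrite (a policy floor set by the operator, or proof of S2 capability obtained off the radio channel), and the user must be told when a downgrade is refused rather than having it fail quietly.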

CWE(s)

CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                   Version
silabs   zgm130s037hgn firmware    s2
silabs   zm5202 firmware           s2
silabs   zm5101 firmware           s2
silabs   zgm2305a27hgn firmware    s2
silabs   zgm230sb27hgn firmware    s2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References