CVE-2021-27289
CRITICALDescription
A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2021-27289? +
How severe is CVE-2021-27289? +
How do I check if I'm vulnerable to CVE-2021-27289? +
Related Vulnerabilities
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic …
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the …
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a …
A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process …