Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27289

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Apr, 2025 | 00:00
Updated At-16 Apr, 2025 | 14:25
Rejected At-
Credits

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Apr, 2025 | 00:00
Updated At:16 Apr, 2025 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/49169
N/A
https://www.youtube.com/watch?v=5IFUpRKEioA
N/A
https://www.youtube.com/watch?v=XFOy3wSlC9Q
N/A
https://www.youtube.com/watch?v=yc9IEt5IMmA
N/A
https://packetstormsecurity.com/files/160331/Ksix-Zigbee-Devices-Playback-Protection-Bypass.html
N/A
https://github.com/TheMalwareGuardian/CVE-2021-27289
N/A
Hyperlink: https://www.exploit-db.com/exploits/49169
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=5IFUpRKEioA
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=XFOy3wSlC9Q
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=yc9IEt5IMmA
Resource: N/A
Hyperlink: https://packetstormsecurity.com/files/160331/Ksix-Zigbee-Devices-Playback-Protection-Bypass.html
Resource: N/A
Hyperlink: https://github.com/TheMalwareGuardian/CVE-2021-27289
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-294CWE-294 Authentication Bypass by Capture-replay
Type: CWE
CWE ID: CWE-294
Description: CWE-294 Authentication Bypass by Capture-replay
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Apr, 2025 | 18:15
Updated At:16 Apr, 2025 | 15:15

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-294Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-294
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/TheMalwareGuardian/CVE-2021-27289cve@mitre.org
N/A
https://packetstormsecurity.com/files/160331/Ksix-Zigbee-Devices-Playback-Protection-Bypass.htmlcve@mitre.org
N/A
https://www.exploit-db.com/exploits/49169cve@mitre.org
N/A
https://www.youtube.com/watch?v=5IFUpRKEioAcve@mitre.org
N/A
https://www.youtube.com/watch?v=XFOy3wSlC9Qcve@mitre.org
N/A
https://www.youtube.com/watch?v=yc9IEt5IMmAcve@mitre.org
N/A
Hyperlink: https://github.com/TheMalwareGuardian/CVE-2021-27289
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://packetstormsecurity.com/files/160331/Ksix-Zigbee-Devices-Playback-Protection-Bypass.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/49169
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=5IFUpRKEioA
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=XFOy3wSlC9Q
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.youtube.com/watch?v=yc9IEt5IMmA
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2023-29158
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 10.71%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 20:11
Updated-09 Dec, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay

SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.

Action-Not Available
Vendor-subnetSUBNET Solutions Inc.
Product-powersystem_centerPowerSYSTEM Center
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2018-17903
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.51% / 65.43%
||
7 Day CHG~0.00%
Published-24 Oct, 2018 | 22:00
Updated-16 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.

Action-Not Available
Vendor-sagaradioGAIN Electronic Co. Ltd
Product-saga1-l8bsaga1-l8b_firmwareSAGA1-L8B
CWE ID-CWE-294
Authentication Bypass by Capture-replay
Details not found