CVE-2020-10137

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
silabsuzb-7
7.00
silabs700_series_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://doi.org/10.1109/ACCESS.2021.3138768
https://github.com/CNK2100/VFuzz-public
https://ieeexplore.ieee.org/document/9663293
https://kb.cert.org/vuls/id/142629
https://www.kb.cert.org/vuls/id/142629
https://doi.org/10.1109/ACCESS.2021.3138768
https://github.com/CNK2100/VFuzz-public
https://ieeexplore.ieee.org/document/9663293
https://kb.cert.org/vuls/id/142629
https://www.kb.cert.org/vuls/id/142629