CVE-2020-10137
First published: Mon Dec 27 2021(Updated: )
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SiLabs UZB-7 | =7.00 | |
| Silabs 700 Series Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10137?
CVE-2020-10137 is a vulnerability found in Z-Wave devices based on Silicon Labs 700 series chipsets using S2.
How does CVE-2020-10137 work?
CVE-2020-10137 allows a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming frames.
What is the severity of CVE-2020-10137?
CVE-2020-10137 has a severity rating of 6.5, classified as medium.
Are there any known affected software?
Yes, Z-Wave devices based on Silicon Labs 700 series chipsets using S2 and Silabs UZB-7 with firmware version 7.00 are known to be affected.
How can this vulnerability be fixed?
To fix CVE-2020-10137, it is recommended to apply the latest firmware updates provided by Silicon Labs for the affected devices.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/silabs
- canonical/silabs uzb-7
- version/silabs uzb-7/7.00
- canonical/silabs 700 series firmware