First published: Mon Dec 27 2021(Updated: )
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
SiLabs UZB-7 | =7.00 | |
Silabs 700 Series Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10137 is a vulnerability found in Z-Wave devices based on Silicon Labs 700 series chipsets using S2.
CVE-2020-10137 allows a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming frames.
CVE-2020-10137 has a severity rating of 6.5, classified as medium.
Yes, Z-Wave devices based on Silicon Labs 700 series chipsets using S2 and Silabs UZB-7 with firmware version 7.00 are known to be affected.
To fix CVE-2020-10137, it is recommended to apply the latest firmware updates provided by Silicon Labs for the affected devices.