Wyp

**Name of the Vulnerable Software and Affected Versions** KT MC01507L Z-Wave S0 devices (affected versions not specified) **Description** The issue arises due to the lack of HPKP implementation, allowing an attacker on the same network as the target HUB to intercept cleartext communication between the Server and Controller. The attacker can use IP Changer to redirect packets to a proxy-server IP address, enabling them to sniff cleartext commands. By using the proxy server's fake certificate, the attacker can control each Node of the HUB. Additionally, operating the HUB in Z-Wave Pairing Mode allows the attacker to obtain the Z-Wave network key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sigma Design Z-Wave S0 through S2 devices **Description** An issue was discovered in Sigma Design Z-Wave devices, where an attacker can conduct a Denial of Service (DoS) attack against the Z-Wave S0 Security version product. The attack involves continuously sending divided "Nonce Get (0x98 0x81)" frames, causing the node to generate a new random nonce and transition to wait mode. When another "Nonce Get" frame is received, the previous nonce value is discarded, and a new one is generated, resulting in the inability to decrypt received normal frames. **Recommendations** For Sigma Design Z-Wave S0 through S2 devices, consider implementing a mechanism to limit the frequency of "Nonce Get" frames to prevent the DoS attack. As a temporary workaround, restrict the use of the "Nonce Get" frame until a patch is available.