PT-2022-8315 · Silicon · Silicon Labs 700 Series

Carlos Kayembe Nkuba

Published

2022-01-09

Updated

2022-01-18

CVE-2020-10137

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Z-Wave devices based on Silicon Labs 700 series chipsets (affected versions not specified)

Description The issue affects Z-Wave devices that use S2 authentication and are based on Silicon Labs 700 series chipsets. These devices do not properly authenticate or encrypt FIND NODE IN RANGE frames. As a result, a remote, unauthenticated attacker can inject a FIND NODE IN RANGE frame with an invalid random payload. This action can deny service by blocking the processing of upcoming events.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2020-10137

Affected Products

Silicon Labs 700 Series

PT-2022-8315 · Silicon · Silicon Labs 700 Series

CVE-2020-10137

Weakness Enumeration

Related Identifiers

Affected Products

References · 6