Описание
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
Ссылки
- Broken Link
- Third Party Advisory
- Broken Link
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Broken Link
- Third Party Advisory
- Broken Link
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:silabs:uzb-7:7.00:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:silabs:700_series_firmware:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00151
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-345
CWE-345
Связанные уязвимости
github
около 4 лет назад
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
EPSS
Процентиль: 36%
0.00151
Низкий
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-345
CWE-345