CVEs-PoC/2020/CVE-2020-10137.md

### [CVE-2020-10137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10137)
![](https://img.shields.io/static/v1?label=Product&message=UZB-7&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%207.00%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-345%20Insufficient%20Verification%20of%20Data%20Authenticity&color=brighgreen)

### Description

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.

### POC

#### Reference
- https://github.com/CNK2100/VFuzz-public

#### Github
- https://github.com/CNK2100/VFuzz-public