Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | N/A | 6.4 MEDIUM |
|
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
|
|||||
| CVE-2023-0972 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
|
|||||
| CVE-2023-0971 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | N/A | 9.6 CRITICAL |
|
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
|
|||||
| CVE-2023-0970 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | N/A | 7.1 HIGH |
|
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.
|
|||||
| CVE-2023-0969 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.
|
|||||