Shelly
Products (4)
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12056 | | High | 0.54 | — | 0.00 | | Nov 19, 2025 | Out-of-bounds Read in Shelly Pro 3EM (before v1.4.4) allows Overread Buffers. |
| CVE-2025-11243 | | High | 0.54 | — | 0.00 | | Nov 19, 2025 | Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network. |
| CVE-2024-48776 | | High | 0.49 | 7.5 | 0.01 | | Oct 11, 2024 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2023-33383 | | | 0.03 | — | 0.02 | | Aug 2, 2023 | Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. |
| CVE-2023-42143 | | | 0.00 | — | 0.00 | | Jan 23, 2024 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. |
| CVE-2023-42144 | | | 0.00 | — | 0.00 | | Jan 23, 2024 | Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. |