Silabs.com
Products
52- 19 CVEs
- 10 CVEs
- 9 CVEs
- 8 CVEs
- 6 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- View all 52 products →
Recent CVEs
113| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8414 | Cri | 0.61 | — | 0.00 | Oct 17, 2025 | Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to… | ||
| CVE-2023-51395 | Hig | 0.57 | 8.8 | 0.00 | Mar 7, 2024 | The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||
| CVE-2024-9499 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9498 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9497 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9496 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9495 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9494 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9493 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9492 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9491 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-9490 | Hig | 0.56 | 8.6 | 0.00 | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | ||
| CVE-2024-22472 | Hig | 0.53 | 8.1 | 0.01 | May 7, 2024 | A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices. | ||
| CVE-2025-11004 | Hig | 0.49 | — | 0.00 | Feb 10, 2026 | The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has… | ||
| CVE-2025-10693 | Hig | 0.49 | — | 0.00 | Oct 31, 2025 | When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1. | ||
| CVE-2024-8361 | Hig | 0.49 | 7.5 | 0.00 | Jan 7, 2025 | In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If… | ||
| CVE-2024-3043 | Hig | 0.49 | 7.5 | 0.01 | Jun 27, 2024 | An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification. | ||
| CVE-2023-51391 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. | ||
| CVE-2026-3290 | Hig | 0.48 | — | 0.00 | May 14, 2026 | Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values | ||
| CVE-2025-10285 | Hig | 0.48 | — | 0.00 | Dec 4, 2025 | The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password. |
- risk 0.61cvss —epss 0.00
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to…
- risk 0.57cvss 8.8epss 0.00
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.56cvss 8.6epss 0.00
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
- risk 0.53cvss 8.1epss 0.01
A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices.
- risk 0.49cvss —epss 0.00
The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has…
- risk 0.49cvss —epss 0.00
When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.
- risk 0.49cvss 7.5epss 0.00
In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If…
- risk 0.49cvss 7.5epss 0.01
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.
- risk 0.49cvss 7.5epss 0.01
A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.
- risk 0.48cvss —epss 0.00
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values
- risk 0.48cvss —epss 0.00
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.