VYPR
Vendor

Silabs.com

Products
52
CVEs
113
Across products
107
Status
Private

Products

52
View all 52 products →

Recent CVEs

113
View all 113 CVEs →
  • CVE-2025-8414CriOct 17, 2025
    risk 0.61cvss epss 0.00

    Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to…

  • CVE-2023-51395HigMar 7, 2024
    risk 0.57cvss 8.8epss 0.00

    The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

  • CVE-2024-9499HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9498HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9497HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9496HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9495HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9494HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9493HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in the  ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9492HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9491HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-9490HigJan 24, 2025
    risk 0.56cvss 8.6epss 0.00

    DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

  • CVE-2024-22472HigMay 7, 2024
    risk 0.53cvss 8.1epss 0.01

    A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices.

  • CVE-2025-11004HigFeb 10, 2026
    risk 0.49cvss epss 0.00

    The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has…

  • CVE-2025-10693HigOct 31, 2025
    risk 0.49cvss epss 0.00

    When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1.

  • CVE-2024-8361HigJan 7, 2025
    risk 0.49cvss 7.5epss 0.00

    In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If…

  • CVE-2024-3043HigJun 27, 2024
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification.

  • CVE-2023-51391HigApr 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service.

  • CVE-2026-3290HigMay 14, 2026
    risk 0.48cvss epss 0.00

    Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values

  • CVE-2025-10285HigDec 4, 2025
    risk 0.48cvss epss 0.00

    The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.