Vendor CVEs
Silabs.com
All CVEs
113 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8414 | | Cri | 0.61 | — | 0.00 | | Oct 17, 2025 | Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to… |
| CVE-2023-51395 | | Hig | 0.57 | 8.8 | 0.00 | | Mar 7, 2024 | The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. |
| CVE-2024-9499 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9498 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9497 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9496 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9495 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9494 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9493 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9492 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Flash Programming Utility installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9491 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Configuration Wizard 2 installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-9490 | | Hig | 0.56 | 8.6 | 0.00 | | Jan 24, 2025 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Silicon Labs (8-bit) IDE installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| CVE-2024-22472 | | Hig | 0.53 | 8.1 | 0.01 | | May 7, 2024 | A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave devices. |
| CVE-2025-11004 | | Hig | 0.49 | — | 0.00 | | Feb 10, 2026 | The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has… |
| CVE-2025-10693 | | Hig | 0.49 | — | 0.00 | | Oct 31, 2025 | When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1. |
| CVE-2024-8361 | | Hig | 0.49 | 7.5 | 0.00 | | Jan 7, 2025 | In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, the device will restart after the watchdog expires. If… |
| CVE-2024-3043 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 27, 2024 | An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification. |
| CVE-2023-51391 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 16, 2024 | A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing, potentially allowing a device crash and Denial of Service. |
| CVE-2026-3290 | | Hig | 0.48 | — | 0.00 | | May 14, 2026 | Timing limitations of the HRNG in RS9116 when power save mode is enabled result in predictable values. |
| CVE-2025-10285 | | Hig | 0.48 | — | 0.00 | | Dec 4, 2025 | The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash, which an attacker could use to crack the user's domain password. |
| CVE-2025-4321 | | Hig | 0.46 | — | 0.00 | | Nov 17, 2025 | A Bluetooth device using the RS9116-WiseConnect SDK experiences a Denial of Service if it receives malformed L2CAP packets; only a hard reset will bring the device back to normal operation. |
| CVE-2024-3017 | | Med | 0.42 | 6.5 | 0.00 | | Jun 27, 2024 | In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router (OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary… |
| CVE-2026-0619 | | Med | 0.39 | — | 0.00 | | Feb 12, 2026 | A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device. |
| CVE-2025-12986 | | Med | 0.39 | — | 0.00 | | Dec 4, 2025 | When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset. |
| CVE-2025-3873 | | Med | 0.39 | — | 0.00 | | Jul 25, 2025 | The following APIs for the Silicon Labs SiWx91x prior to version 3.4.0 failed to check the size of the output buffer of the caller, which could lead to data corruption on the host (Cortex-M4) application: sl_si91x_aes, sl_si91x_gcm, sl_si91x_ccm, sl_si91x_sha. |
| CVE-2025-1394 | | Med | 0.38 | — | 0.00 | | Jul 30, 2025 | The Ember ZNet stack’s packet buffer manager may read out-of-bounds memory, leading to an assert and causing a Denial of Service (DoS). |
| CVE-2025-1221 | | Med | 0.38 | — | 0.00 | | Jul 30, 2025 | A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host system (CPCd) due to heavy Zigbee traffic, resulting in a Denial of Service (DoS) attack. Only a hard reset will bring the device back to normal operation. |
| CVE-2024-4013 | | Med | 0.36 | 5.6 | 0.00 | | Jun 6, 2024 | A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity… |
| CVE-2025-10933 | | Med | 0.34 | — | 0.00 | | Jan 5, 2026 | An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out-of-bounds memory reads. |
| CVE-2025-2329 | | Med | 0.34 | — | 0.00 | | Jul 25, 2025 | In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and may send a corrupt packet over SPI to its host, causing the host to reset the RCP, which results in a denial of service. |
| CVE-2024-6351 | | Med | 0.28 | 4.3 | 0.00 | | Jan 28, 2025 | A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert. |
| CVE-2024-6352 | | Med | 0.28 | 4.3 | 0.00 | | Jan 13, 2025 | A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert. |
| CVE-2024-9055 | | Med | 0.27 | 4.2 | 0.00 | | Mar 17, 2025 | The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack. |
| CVE-2025-14055 | | Low | 0.16 | — | 0.00 | | Feb 20, 2026 | An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. |
| CVE-2025-14547 | | Low | 0.15 | — | 0.00 | | Feb 20, 2026 | An integer underflow vulnerability is present in Silicon Labs' implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service. |
| CVE-2024-12975 | | Low | 0.07 | — | 0.00 | | Mar 7, 2025 | A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface. |
| CVE-2022-24942 | | | 0.01 | — | 0.02 | | Nov 2, 2022 | Heap-based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. |
| CVE-2020-15531 | | | 0.01 | — | 0.03 | | Aug 19, 2020 | Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. |
| CVE-2025-12131 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. |
| CVE-2025-2838 | | | 0.00 | — | 0.00 | | Mar 26, 2025 | Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit… |
| CVE-2025-2837 | | | 0.00 | — | 0.00 | | Mar 26, 2025 | Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to… |
| CVE-2024-23937 | | | 0.00 | — | 0.00 | | Jan 31, 2025 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from… |
| CVE-2024-23973 | | | 0.00 | — | 0.01 | | Jan 30, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue… |
| CVE-2024-24731 | | | 0.00 | — | 0.00 | | Jan 30, 2025 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The… |
| CVE-2024-50924 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller. |
| CVE-2024-50931 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. |
| CVE-2024-50928 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller. |
| CVE-2024-50920 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. |
| CVE-2024-50921 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. |
| CVE-2024-50930 | | | 0.00 | — | 0.00 | | Dec 10, 2024 | An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. |
Page 1 of 3