Vulnerabilities > CVE-2023-0971 - Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK

047910
CVSS 8.8 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
silabs
CWE-863
NVD
Published: 2023-06-21
Updated: 2023-06-28

Summary

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

Vulnerable Configurations

Part Description Count
Application
Silabs
1

Common Weakness Enumeration (CWE)

References