Vulnerabilities > Silabs > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2020-27630 Use of Insufficiently Random Values vulnerability in Silabs Uc/Tcp-Ip 3.6.0
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
network
low complexity
silabs CWE-330
critical
 9.8
9.8
2023-10-04 CVE-2023-41094 Missing Release of Resource after Effective Lifetime vulnerability in Silabs Emberznet
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected
network
low complexity
silabs CWE-772
critical
 9.8
9.8
2023-08-23 CVE-2023-4041 Download of Code Without Integrity Check vulnerability in Silabs Gecko Bootloader 4.3.0/4.3.1
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.
network
low complexity
silabs CWE-494
critical
 9.8
9.8
2023-06-15 CVE-2023-2686 Classic Buffer Overflow vulnerability in Silabs Gecko Software Development KIT
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.
network
low complexity
silabs CWE-120
critical
 9.8
9.8
2022-11-15 CVE-2022-24942 Out-of-bounds Write vulnerability in Silabs Micrium Uc-Http 3.01.01
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.
network
low complexity
silabs CWE-787
critical
 9.8
9.8
2022-11-14 CVE-2022-24937 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Emberznet 1.0.0
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.
network
low complexity
silabs CWE-119
critical
 9.8
9.8
2022-11-02 CVE-2022-24936 Out-of-bounds Write vulnerability in Silabs Gecko Bootloader
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
network
low complexity
silabs CWE-787
critical
 9.1
9.1