Vulnerabilities > Silabs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2023-1262 | Missing Authorization vulnerability in Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. | 5.3 |
| 2022-11-18 | CVE-2022-24939 | Out-of-bounds Write vulnerability in Silabs Gecko Software Development KIT and Zigbee Emberznet A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. | 6.5 |
| 2022-05-17 | CVE-2022-24611 | Unspecified vulnerability in Silabs products Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. low complexity silabs | 6.5 |
| 2022-05-03 | CVE-2021-27411 | Unspecified vulnerability in Silabs Micrium OS 5.10.0/5.10.1/5.9.0 Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. | 6.5 |
| 2022-01-10 | CVE-2020-10137 | Insufficient Verification of Data Authenticity vulnerability in Silabs 700 Series Firmware and Uzb-7 Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. | 6.5 |
| 2022-01-10 | CVE-2020-9059 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. | 6.5 |
| 2022-01-10 | CVE-2020-9060 | Resource Exhaustion vulnerability in multiple products Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages. | 6.5 |
| 2022-01-10 | CVE-2020-9061 | Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | 6.5 |
| 2021-09-07 | CVE-2021-31609 | Unspecified vulnerability in Silabs Iwrap 5.8/6.3.0 The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. low complexity silabs | 6.5 |
| 2020-08-20 | CVE-2020-15532 | Classic Buffer Overflow vulnerability in Silabs Bluetooth LOW Energy Software Development KIT 2.13.0.0/2.13.1.0/2.13.2.0 Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. | 6.5 |