Vulnerabilities > Silabs > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-24939 Out-of-bounds Write vulnerability in Silabs Gecko Software Development Kit and Zigbee Emberznet
A malformed packet containing an invalid destination address causes a stack overflow in the Ember ZNet stack.
low complexity
silabs CWE-787
6.5
2022-05-17 CVE-2022-24611 Unspecified vulnerability in Silabs products
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block an S0/S2-protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.
low complexity
silabs
6.1
2022-05-03 CVE-2021-27411 Integer Overflow or Wraparound vulnerability in Silabs Micrium OS 5.10.0/5.10.1/5.9.0
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate.
network
low complexity
silabs CWE-190
6.4
2022-02-04 CVE-2018-25029 Unspecified vulnerability in Silabs products
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
low complexity
silabs
4.8
2022-01-10 CVE-2020-9058 Missing Encryption of Sensitive Data vulnerability in multiple products
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
low complexity
silabs dome jasco linear CWE-311
4.8
2022-01-10 CVE-2020-9059 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion.
low complexity
silabs schlage CWE-770
6.1
2022-01-10 CVE-2020-9060 Resource Exhaustion vulnerability in multiple products
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
low complexity
silabs aeotec zooz fibaro CWE-400
6.1
2021-01-26 CVE-2020-13582 NULL Pointer Dereference vulnerability in Silabs Micrium uC-HTTP 3.01.00
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00.
network
low complexity
silabs CWE-476
5.0
2020-08-20 CVE-2020-15531 Classic Buffer Overflow vulnerability in Silabs Bluetooth Low Energy Software Development Kit 2.13.0.0/2.13.1.0/2.13.2.0
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data.
low complexity
silabs CWE-120
5.8
2018-12-09 CVE-2018-19983 Use of Insufficiently Random Values vulnerability in Silabs Z-Wave S0 Firmware and Z-Wave S2 Firmware
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices.
low complexity
silabs CWE-330
6.1