Vulnerabilities > Silabs > Z IP Gateway SDK
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-4489 | Use of Uninitialized Resource vulnerability in Silabs Z/Ip Gateway SDK 7.18.01/7.18.03 The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. | 9.8 |
| 2023-06-21 | CVE-2023-0969 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. | 3.5 |
| 2023-06-21 | CVE-2023-0970 | Classic Buffer Overflow vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code. | 6.8 |
| 2023-06-21 | CVE-2023-0971 | Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | 8.8 |
| 2023-06-21 | CVE-2023-0972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK 7.18.01 Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | 8.8 |