Silabs: Security Vulnerabilities
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
CVSS Score: 6.4 | EPSS Score: 0.007 | Published: 2023-12-14
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score: 9.0 | EPSS Score: 0.004 | Published: 2023-11-14
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score: 9.0 | EPSS Score: 0.003 | Published: 2023-11-14
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score: 9.0 | EPSS Score: 0.003 | Published: 2023-11-14
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score: 9.0 | EPSS Score: 0.004 | Published: 2023-11-14
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
CVSS Score: 7.7 | EPSS Score: 0.003 | Published: 2023-11-14
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score: 9.0 | EPSS Score: 0.003 | Published: 2023-11-14
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
CVSS Score: 6.8 | EPSS Score: 0.0 | Published: 2023-10-26
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CVSS Score: 6.8 | EPSS Score: 0.0 | Published: 2023-10-26
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.
CVSS Score: 7.7 | EPSS Score: 0.003 | Published: 2023-10-20

