Filtered by vendor Silabs Subscriptions
Total 69 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25181 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 9 Critical
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2023-24585 2 Silabs, Weston-embedded 3 Gecko Software Development Kit, Cesium Net, Uc-http 2024-11-21 7.7 High
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
CVE-2023-1262 1 Silabs 2 Wireless Smart Ubiquitous Network Linux Border Router, Wireless Smart Ubiquitous Network Linux Border Router Firmware 2024-11-21 8.2 High
Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network.
CVE-2023-1261 1 Silabs 1 Wi-sun Software Development Kit 2024-11-21 8.2 High
Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network.
CVE-2023-1132 1 Silabs 1 Gecko Software Development Kit 2024-11-21 5.3 Medium
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-0965 1 Silabs 1 Gecko Software Development Kit 2024-11-21 3.1 Low
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
CVE-2023-0775 1 Silabs 1 Gecko Software Development Kit 2024-11-21 6.5 Medium
An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.
CVE-2022-24942 1 Silabs 1 Micrium Uc-http 2024-11-21 9.1 Critical
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.
CVE-2022-24939 1 Silabs 2 Gecko Software Development Kit, Zigbee Emberznet 2024-11-21 5.7 Medium
 A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVE-2022-24938 1 Silabs 1 Emberznet 2024-11-21 6.5 Medium
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVE-2022-24937 1 Silabs 1 Emberznet 2024-11-21 6.5 Medium
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.
CVE-2022-24936 1 Silabs 1 Gecko Bootloader 2024-11-21 8.3 High
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
CVE-2022-24611 1 Silabs 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more 2024-11-21 6.5 Medium
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.
CVE-2021-31609 1 Silabs 2 Iwrap, Wt32i-a 2024-11-21 6.5 Medium
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.
CVE-2021-27411 1 Silabs 1 Micrium Os 2024-11-21 6.5 Medium
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.
CVE-2020-9061 4 Aeotec, Samsung, Silabs and 1 more 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more 2024-11-21 6.5 Medium
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
CVE-2020-9060 4 Aeotec, Fibaro, Silabs and 1 more 6 Zw090-a, Fgwpb-111, 500 Series Firmware and 3 more 2024-11-21 6.5 Medium
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
CVE-2020-9059 2 Schlage, Silabs 2 Be468, 500 Series Firmware 2024-11-21 6.5 Medium
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
CVE-2020-9058 4 Dome, Jasco, Linear and 1 more 4 Dm501, Zw4201, Lb60z-1 and 1 more 2024-11-21 8.1 High
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.
CVE-2020-9057 2 Linear, Silabs 5 Wadwaz-1, Wapirz-1, 100 Series Firmware and 2 more 2024-11-21 8.8 High
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.