Denial of Service Vulnerability in Silicon Labs Z-Wave 500 Series
CVE-2022-24611

6.5MEDIUM

Key Information:

Vendor: Silabs
Status: Zm5202 Firmware
Vendor: CVE Published:; 17 May 2022

Badges

👾 Exploit Exists

What is CVE-2022-24611?

A Denial of Service vulnerability exists within the Z-Wave S0 NonceGet protocol utilized by Silicon Labs' Z-Wave 500 series. Local attackers can exploit this flaw by sending specially crafted S0 NonceGet packets, which can lead to interruptions in the S0/S2 protected Z-Wave networks. This vulnerability makes it possible for an attacker to effectively block network communications by utilizing included but not properly addressed NodeIDs, causing significant disruption to devices relying on this protocol. Awareness and timely software updates are essential to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://z-wave.com

x_refsource_MISC

https://github.com/ITSecLab-HSEL/CVE-2022-24611

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 17, 2022
👾
Exploit known to exist
May 17, 2022
Vulnerability published
May 17, 2022
Vulnerability Reserved
Feb 7, 2022

JSON

Silabs

Badges

What is CVE-2022-24611?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.