Serial API Buffer Overflow in Z/IP Gateway
CVE-2023-0970

7.1HIGH

Key Information:

Vendor

Silicon Labs

Status
Z/ip Gateway
Vendor
CVE Published:
21 June 2023

What is CVE-2023-0970?

Multiple buffer overflow vulnerabilities present in SiLabs Z/IP Gateway SDK versions 7.18.01 and earlier can be exploited by attackers with invasive physical access to Z-Wave controller devices. This may allow them to overwrite global memory, potentially leading to the execution of arbitrary code and compromising device integrity.

Affected Version(s)

Z/IP Gateway 7.18.03

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.