Buffer overflow in S0 Decryption on Unify Gateway
CVE-2023-3110

9.6CRITICAL

Key Information:

Vendor: Silicon Labs
Status: Unify Gateway
Vendor: CVE Published:; 21 June 2023

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2023-3110?

A vulnerability exists in SiLabs Unify Gateway versions up to 1.3.1, allowing an unauthenticated attacker within Z-Wave range to execute arbitrary code by overflowing a stack buffer. This security flaw poses significant risks as it can be exploited remotely without prior authentication, emphasizing the importance of updating to secure versions and implementing adequate network security measures.

Affected Version(s)

Unify Gateway 1.3.2

References

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2023
Vulnerability Reserved
Jun 5, 2023