Z-Wave End Devices Vulnerable to Stack Buffer Overflow

CVE-2023-51395
8.8 HIGH

Key Information

Vendor: Silicon Labs
Status
Z-Wave SDK
Vendor
Published: 7 March 2024

Summary

The vulnerability described by CVE-2023-0972 has also been discovered in Silicon Labs Z-Wave end devices. It may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

Affected Version(s)

Z-Wave SDK <= 7.20.0

Z-Wave SDK >= 7.20.0

Z-Wave SDK >= 7.19.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database