Z-Wave End Devices Vulnerable to Stack Buffer Overflow
CVE-2023-51395
8.8HIGH
Key Information
- Vendor
- Silicon Labs
- Status
- Z-wave Sdk
- Vendor
- Published:
- 7 March 2024
Summary
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
Affected Version(s)
Z-Wave SDK <= 7.20.0
Z-Wave SDK >= 7.20.0
Z-Wave SDK >= 7.19.3
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database