Z-Wave Denial of Service caused by Stream of Packets
CVE-2023-5310

5.7MEDIUM

Key Information:

Vendor: Silabs.com
Status: Gecko Sdk
Vendor: CVE Published:; 15 December 2023

Summary

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

Affected Version(s)

Gecko SDK 0 <= 7.20.3

References

https://github.com/SiliconLabs/gecko_sdk/releases

https://siliconlabs.lightning.force.com/sfc/servlet.sheph...

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Sep 29, 2023