Buffer Overflow Vulnerability Affects Silicon Labs 500 Series Z-Wave Devices, Denial of Service and Remote Code Execution Possible
CVE-2024-22472

8.1 HIGH

Key Information:

Vendor
CVE Published: 7 May 2024

What is CVE-2024-22472?

A critical vulnerability exists in the Silicon Labs 500 Series Z-Wave devices due to a buffer overflow condition. This vulnerability may lead to Denial of Service, disrupting the normal operations of affected devices. Additionally, it poses a risk of remote code execution, allowing an attacker to gain unauthorized access and control. This issue impacts all versions of the Silicon Labs 500 Series SDK prior to version 6.85.2, necessitating immediate attention to secure devices against possible exploitation.

Affected Version(s)

Z-Wave SDK ARM 0 < 6.85.2

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
