Buffer Overflow Vulnerability Affects Silicon Labs 500 Series Z-Wave Devices, Denial of Service and Remote Code Execution Possible
CVE-2024-22472

8.1HIGH

Key Information:

Vendor: Silicon Labs
Status: Z-wave Sdk
Vendor: CVE Published:; 7 May 2024

🔔 Create Silicon Labs Vulnerability Alert

What is CVE-2024-22472?

A critical vulnerability exists in the Silicon Labs 500 Series Z-Wave devices due to a buffer overflow condition. This vulnerability may lead to Denial of Service, disrupting the normal operations of affected devices. Additionally, it poses a risk of remote code execution, allowing an attacker to gain unauthorized access and control. This issue impacts all versions of the Silicon Labs 500 Series SDK prior to version 6.85.2, necessitating immediate attention to secure devices against possible exploitation.

Affected Version(s)

Z-Wave SDK ARM 0 < 6.85.2

References

https://community.silabs.com/068Vm000004rZwm

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Jan 10, 2024

CVE-2024-22472 Data

JSON