CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41096 – Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
https://notcve.org/view.php?id=CVE-2023-41096
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de las credenciales de red almacenadas en la memoria flash. Este problema afecta a Silicon Labs Ember ZNet SDK: 7.3.1 y versiones anteriores. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41094 – Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet
https://notcve.org/view.php?id=CVE-2023-41094
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected Los paquetes TouchLink procesados después del tiempo de espera o fuera del alcance debido a la operación de un recurso después de la caducidad y la falta de liberación del recurso después de la vida útil efectiva pueden permitir que se agregue un dispositivo fuera del alcance válido de TouchLink o de la duración del emparejamiento. Este problema afecta a Ember ZNet 7.1.x desde 7.1 .3 a 7.1.5; 7.2.x desde 7.2.0 hasta 7.2.3; La versión 7.3 y posteriores no se ven afectadas • https://community.silabs.com/0688Y00000aIPzL • CWE-672: Operation on a Resource after Expiration or Release CWE-772: Missing Release of Resource after Effective Lifetime CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24939 – Malformed Zigbee packet with invalid destination address causes Assert
https://notcve.org/view.php?id=CVE-2022-24939
A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto que contiene una dirección de destino no válida provoca un desbordamiento de pila en Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000IWDCwQAP?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24938 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier
https://notcve.org/view.php?id=CVE-2022-24938
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto provoca un desbordamiento de pila en la pila Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000HbLj2QAF?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24937 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
https://notcve.org/view.php?id=CVE-2022-24937
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Restricción inadecuada de operaciones dentro de los límites de una vulnerabilidad de búfer de memoria en Silicon Labs Ember ZNet permite desbordamiento de búferes. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000HbLj2QAF?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •