CVE-2022-24611
https://notcve.org/view.php?id=CVE-2022-24611
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave networks via crafted S0 NonceGet Z-Wave packets, utilizing included but absent NodeIDs.
References: https://github.com/ITSecLab-HSEL/CVE-2022-24611 , http://z-wave.com
CVE-2021-27411 – Micrium OS Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2021-27411
Micrium OS versions 5.10.1 and prior are vulnerable to integer wrap-around in the functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.
References: https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 , https://www.silabs.com/developers/micrium-os
CWE: CWE-190: Integer Overflow or Wraparound
CVE-2018-25029
https://notcve.org/view.php?id=CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
References: https://community.silabs.com/s/share/a5U1M000000knqNUAQ/updated-your-zwave-smart-locks-are-safe-and-secure , https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks
CWE: CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CVE-2013-20003
https://notcve.org/view.php?id=CVE-2013-20003
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
References: https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security , https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf , https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks
CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2020-10137
https://notcve.org/view.php?id=CVE-2020-10137
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events.
References: https://doi.org/10.1109/ACCESS.2021.3138768 , https://github.com/CNK2100/VFuzz-public , https://ieeexplore.ieee.org/document/9663293 , https://kb.cert.org/vuls/id/142629 , https://www.kb.cert.org/vuls/id/142629
CWE: CWE-345: Insufficient Verification of Data Authenticity