CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31609
https://notcve.org/view.php?id=CVE-2021-31609
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. La implementación de Bluetooth Classic en Silicon Labs iWRAP versiones 6.3.0 y anteriores, no maneja apropiadamente la recepción de un paquete LMP de tamaño superior a 17 bytes, que permite a atacantes en el rango de radio desencadenar un fallo en WT32i por medio de un paquete LMP diseñado • https://dl.packetstormsecurity.net/papers/general/braktooth.pdf https://www.silabs.com/wireless/bluetooth/bluegiga-classic-legacy-modules/device.wt32i-a •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13582
https://notcve.org/view.php?id=CVE-2020-13582
A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del HTTP Server de Micrium uC-HTTP versión 3.01.00. Una petición HTTP especialmente diseñada puede causar una denegación de servicio. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1193 • CWE-476: NULL Pointer Dereference CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2020-15531
https://notcve.org/view.php?id=CVE-2020-15531
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. Silicon Labs Bluetooth Low Energy SDK versiones anteriores a 2.13.3, presenta un desbordamiento de búfer por medio de paquetes de datos. Esta es una vulnerabilidad de ejecución de código remota por aire en Bluetooth LE en los SoC EFR32 y módulos asociados que ejecutan Bluetooth SDK, que admiten funciones de Central u Observer. • https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655 https://www.youtube.com/watch?v=saoTr1NwdzM • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15532
https://notcve.org/view.php?id=CVE-2020-15532
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. Silicon Labs Bluetooth Low Energy SDK versiones anteriores a 2.13.3, presenta un desbordamiento de búfer por medio de paquetes de datos. Se trata de una vulnerabilidad de denegación de servicio por aire en Bluetooth LE en los SoC EFR32 y módulos asociados que ejecutan Bluetooth SDK, admitiendo los roles Central u Observer. • https://github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_dos.py https://github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs https://www.blackhat.com/us-20/briefings/schedule/#finding-new-bluetooth-low-energy-exploits-via-reverse-engineering-multiple-vendors-firmwares-19655 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19983
https://notcve.org/view.php?id=CVE-2018-19983
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. • https://github.com/min1233/CVE/blob/master/2 • CWE-330: Use of Insufficiently Random Values •