CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9490 – Uncontrolled search path can lead to DLL hijacking in Silicon Labs IDE installer
https://notcve.org/view.php?id=CVE-2024-9490
24 Jan 2025 — DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. • https://community.silabs.com/068Vm00000JUQwd • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7322 – Dos in ZigBee device due to unsolicited encrypted rejoin response
https://notcve.org/view.php?id=CVE-2024-7322
15 Jan 2025 — A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established Un coordinador, enrutador o dispositivo final de ZigBee puede cambiar su ID de nodo cuando recibe una respuesta de reincorporación cifrada no solicitada. Este cambio en la ID del nodo provoca una denegación de servicio (DoS). Para recuperarse de esta denegación de ser... • https://community.silabs.com/068Vm00000I7ri2 • CWE-346: Origin Validation Error •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6352 – Malformed packet leads to denial of service in APS layer
https://notcve.org/view.php?id=CVE-2024-6352
13 Jan 2025 — A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert • https://community.silabs.com/069Vm00000HtvDgIAJ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10106 – Ember ZNet buffer overflow in 'packet handoff' plugin
https://notcve.org/view.php?id=CVE-2024-10106
09 Jan 2025 — A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer. • https://community.silabs.com/069Vm00000I1JawIAF • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6350 – EmberZNet malformed MAC layer packet leads to denial of service
https://notcve.org/view.php?id=CVE-2024-6350
08 Jan 2025 — A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically. • https://community.silabs.com/069Vm00000HtvDgIAJ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8361 – DoS caused due to wrong hash length returned for SHA2/224 algorithm
https://notcve.org/view.php?id=CVE-2024-8361
07 Jan 2025 — In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which ... • https://community.silabs.com/068Vm00000I7zqo • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7139 – Denial of Service in Silicon Labs RS9116 Bluetooth SDK
https://notcve.org/view.php?id=CVE-2024-7139
19 Dec 2024 — Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchdog timer is not enabled, a hard reset is required to recover the device. • https://community.silabs.com/068Vm00000F9zre • CWE-617: Reachable Assertion CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7138 – Denial of Service in Silicon Labs RS9116 Bluetooth SDK
https://notcve.org/view.php?id=CVE-2024-7138
19 Dec 2024 — An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device. • https://community.silabs.com/068Vm00000F9zre • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7137 – Denial of Service in Silicon Labs RS9116 Bluetooth SDK
https://notcve.org/view.php?id=CVE-2024-7137
19 Dec 2024 — The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device. • https://community.silabs.com/068Vm00000F9zre • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50931
https://notcve.org/view.php?id=CVE-2024-50931
10 Dec 2024 — Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. • https://github.com/CNK2100/2024-CVE/blob/main/README.md • CWE-281: Improper Preservation of Permissions •