CVE-2023-4489 – Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key
https://notcve.org/view.php?id=CVE-2023-4489
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. La primera clave de cifrado S0 se genera con un PRNG no inicializado en productos Z/IP Gateway que ejecutan Silicon Labs Z/IP Gateway SDK v7.18.3 y versiones anteriores. Esto hace que la primera clave S0 generada al inicio sea predecible, lo que potencialmente permite la predicción de claves de red y el acceso no autorizado a la red S0. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1 • CWE-908: Use of Uninitialized Resource CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready •
CVE-2023-24585
https://notcve.org/view.php?id=CVE-2023-24585
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de los límites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar daños en la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-28391
https://notcve.org/view.php?id=CVE-2023-28391
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-27882
https://notcve.org/view.php?id=CVE-2023-27882
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •