CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7322 – Dos in ZigBee device due to unsolicited encrypted rejoin response
https://notcve.org/view.php?id=CVE-2024-7322
15 Jan 2025 — A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established Un coordinador, enrutador o dispositivo final de ZigBee puede cambiar su ID de nodo cuando recibe una respuesta de reincorporación cifrada no solicitada. Este cambio en la ID del nodo provoca una denegación de servicio (DoS). Para recuperarse de esta denegación de ser... • https://community.silabs.com/068Vm00000I7ri2 • CWE-346: Origin Validation Error •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51393 – Potential DoS due to BusFault and Assert in Ember ZNet legacy packet buffer
https://notcve.org/view.php?id=CVE-2023-51393
23 Feb 2024 — Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network. Debido a una asignación de recursos sin límites, existe una vulnerabilidad de consumo de recursos incontrolado en Silicon Labs Ember ZNet SDK anterior a v7.4.0.0 (entregado com... • https://community.silabs.com/068Vm000001NaAM • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41096 – Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
https://notcve.org/view.php?id=CVE-2023-41096
26 Oct 2023 — Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de las credenciales de red almacenadas en la memoria flash. ... • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41094 – Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet
https://notcve.org/view.php?id=CVE-2023-41094
04 Oct 2023 — TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected Los paquetes TouchLink procesados después del tiempo de espera o fuera del alcance debido a la operación de un recurso después de la c... • https://community.silabs.com/0688Y00000aIPzL • CWE-672: Operation on a Resource after Expiration or Release CWE-772: Missing Release of Resource after Effective Lifetime CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24939 – Malformed Zigbee packet with invalid destination address causes Assert
https://notcve.org/view.php?id=CVE-2022-24939
17 Nov 2022 — A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto que contiene una dirección de destino no válida provoca un desbordamiento de pila en Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24938 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.1 or earlier
https://notcve.org/view.php?id=CVE-2022-24938
14 Nov 2022 — A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error. Un paquete con formato incorrecto provoca un desbordamiento de pila en la pila Ember ZNet. Esto provoca una afirmación que conduce a un reinicio, eliminando inmediatamente el error. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24937 – Malformed Zigbee packet causes Assert in EmberZNet 7.0.0 or earlier
https://notcve.org/view.php?id=CVE-2022-24937
14 Nov 2022 — Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Restricción inadecuada de operaciones dentro de los límites de una vulnerabilidad de búfer de memoria en Silicon Labs Ember ZNet permite desbordamiento de búferes. • https://github.com/SiliconLabs/gecko_sdk • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •