
CVE-2023-51395 – Z-Wave S0 Decryption Vulnerability in End Devices
https://notcve.org/view.php?id=CVE-2023-51395
07 Mar 2024 — The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. • https://community.silabs.com/068Vm0000029Xq5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write

CVE-2023-5310 – Z-Wave Denial of Service caused by Stream of Packets
https://notcve.org/view.php?id=CVE-2023-5310
15 Dec 2023 — A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. • https://github.com/SiliconLabs/gecko_sdk/releases • CWE-248: Uncaught Exception; CWE-754: Improper Check for Unusual or Exceptional Conditions