CVE-2023-5310

Z-Wave Denial of Service caused by Stream of Packets

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

Existe una vulnerabilidad de denegación de servicio en todos los controladores y dispositivos de endpoint Z-Wave de Silicon Labs que ejecutan Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) y versiones anteriores. Este ataque solo puede ser llevado a cabo por dispositivos en la red que envían un flujo de paquetes al dispositivo.

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-09-29 CVE Reserved
2023-12-15 CVE Published
2024-10-08 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-248: Uncaught Exception
CWE-754: Improper Check for Unusual or Exceptional Conditions

CAPEC

CAPEC-601: Jamming

References (1)

URL	Tag	Source
https://github.com/SiliconLabs/gecko_sdk/releases	Release Notes

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Silabs Search vendor "Silabs"	Z-wave Software Development Kit Search vendor "Silabs" for product "Z-wave Software Development Kit"	<= 7.20.2.0 Search vendor "Silabs" for product "Z-wave Software Development Kit" and version " <= 7.20.2.0"	-	Affected	in	Silabs Search vendor "Silabs"	Z-wave Long Range 700 Search vendor "Silabs" for product "Z-wave Long Range 700"	-	-	Safe
Silabs Search vendor "Silabs"	Z-wave Software Development Kit Search vendor "Silabs" for product "Z-wave Software Development Kit"	<= 7.20.2.0 Search vendor "Silabs" for product "Z-wave Software Development Kit" and version " <= 7.20.2.0"	-	Affected	in	Silabs Search vendor "Silabs"	Z-wave Long Range 800 Search vendor "Silabs" for product "Z-wave Long Range 800"	-	-	Safe