Filtered by vendor Silabs
Subscriptions
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | 7.7 High |
| An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | ||||
| CVE-2023-3024 | 2 Qualcomm, Silabs | 9 Aqt1000, Csrb31024, Wcd9370 and 6 more | 2024-11-21 | 5.9 Medium |
| Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | ||||
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-28391 | 2 Silabs, Weston-embedded | 4 Gecko Platform, Gecko Software Development Kit, Cesium Net and 1 more | 2024-11-21 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-27882 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
| A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-25181 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 9 Critical |
| A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-24585 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2024-11-21 | 7.7 High |
| An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-24611 | 1 Silabs | 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more | 2024-11-21 | 6.5 Medium |
| Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. | ||||
| CVE-2021-31609 | 1 Silabs | 2 Iwrap, Wt32i-a | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet. | ||||
| CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2024-11-21 | 6.5 Medium |
| Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | ||||
| CVE-2020-9060 | 4 Aeotec, Fibaro, Silabs and 1 more | 6 Zw090-a, Fgwpb-111, 500 Series Firmware and 3 more | 2024-11-21 | 6.5 Medium |
| Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages. | ||||
| CVE-2020-9059 | 2 Schlage, Silabs | 2 Be468, 500 Series Firmware | 2024-11-21 | 6.5 Medium |
| Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. | ||||
| CVE-2020-9058 | 4 Dome, Jasco, Linear and 1 more | 4 Dm501, Zw4201, Lb60z-1 and 1 more | 2024-11-21 | 8.1 High |
| Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. | ||||
| CVE-2020-9057 | 2 Linear, Silabs | 5 Wadwaz-1, Wapirz-1, 100 Series Firmware and 2 more | 2024-11-21 | 8.8 High |
| Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. | ||||
| CVE-2020-27630 | 1 Silabs | 1 Uc\/tcp-ip | 2024-11-21 | 9.8 Critical |
| In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | ||||
| CVE-2020-15532 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 6.5 Medium |
| Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | ||||
| CVE-2020-15531 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 8.8 High |
| Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | ||||
| CVE-2020-13582 | 1 Silabs | 1 Micrium Uc-http | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-10137 | 1 Silabs | 2 700 Series Firmware, Uzb-7 | 2024-11-21 | 6.5 Medium |
| Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. | ||||