Filtered by vendor Silabs
Subscriptions
Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31247 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-28391 | 2 Silabs, Weston-embedded | 4 Gecko Platform, Gecko Software Development Kit, Cesium Net and 1 more | 2025-11-04 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-28379 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | 9 Critical |
| A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-27882 | 2 Silabs, Weston-embedded | 3 Gecko Software Development Kit, Cesium Net, Uc-http | 2025-11-04 | 9 Critical |
| A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2023-45318 | 2 Silabs, Weston-embedded | 3 Gecko Platform, Gecko Software Development Kit, Uc-http | 2025-11-04 | 10 Critical |
| A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2025-10693 | 1 Silabs | 1 Z-wave Sdk | 2025-11-04 | N/A |
| When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join the network as a non-secure device. This vulnerability exists in Silicon Labs' Z-Wave PIR Sensor Reference design delivered as part of SiSDK v2025.6.0 and v2025.6.1. | ||||
| CVE-2025-8414 | 1 Silabs | 2 Gecko Sdk, Simplicity Sdk | 2025-10-21 | N/A |
| Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability. | ||||
| CVE-2024-24731 | 1 Silabs | 1 Gecko Os | 2025-09-30 | 7.5 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. | ||||
| CVE-2024-23973 | 1 Silabs | 1 Gecko Os | 2025-09-30 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. | ||||
| CVE-2023-41093 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2025-09-25 | 3.1 Low |
| Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0. | ||||
| CVE-2024-3017 | 1 Silabs | 1 Sisdk | 2025-09-16 | 6.5 Medium |
| In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service. | ||||
| CVE-2025-7448 | 1 Silabs | 1 Wi-sun Stack | 2025-09-15 | N/A |
| Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack | ||||
| CVE-2025-1394 | 1 Silabs | 1 Emberznet | 2025-08-08 | N/A |
| Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS). | ||||
| CVE-2025-2837 | 1 Silabs | 1 Gecko Os | 2025-08-08 | N/A |
| Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23245. | ||||
| CVE-2025-2838 | 1 Silabs | 1 Gecko Os | 2025-08-08 | N/A |
| Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392. | ||||
| CVE-2025-1221 | 1 Silabs | 1 Emberznet | 2025-07-31 | N/A |
| A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host system (CPCd) due to heavy Zigbee traffic, resulting in a Denial of Service (DoS) attack, Only hard reset will bring the device to normal operation | ||||
| CVE-2024-50929 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.2 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). | ||||
| CVE-2024-50928 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.5 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller. | ||||
| CVE-2024-50924 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.5 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller. | ||||
| CVE-2024-50921 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.5 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. | ||||