CVE-2022-24611

MEDIUM

Silicon Labs Z-Wave 500 Series Firmware - Denial of Service via S0 NonceGet Packet NodeID Spoofing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24611. PoCs published by ITSecLab-HSEL.

AI-analyzed exploit summary This repository provides a detailed description of CVE-2022-24611, a Denial of Service (DoS) vulnerability affecting Z-Wave S0 and S2 devices. The attack leverages spoofed S0 NonceGet requests to block Z-Wave gateways from issuing new nonces, rendering the network unusable.

Description

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.

Exploits (1)

nomisec WRITEUP 2 stars
by ITSecLab-HSEL · poc
https://github.com/ITSecLab-HSEL/CVE-2022-24611

This repository provides a detailed description of CVE-2022-24611, a Denial of Service (DoS) vulnerability affecting Z-Wave S0 and S2 devices. The attack leverages spoofed S0 NonceGet requests to block Z-Wave gateways from issuing new nonces, rendering the network unusable.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Z-Wave ZW5xx SoC (tested on Amazon Ring Alarm Security Kit, 5 piece)
No auth needed
Prerequisites: Physical proximity to the target Z-Wave network · Presence of an offline but included device in the network
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Not Applicable x_refsource_misc
http://z-wave.com

Scores

CVSS v3 6.5
EPSS 0.0072
EPSS Percentile 49.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (5)
silabs/sd3502_firmware
silabs/sd3503_firmware
silabs/zm5101_firmware
silabs/zm5202_firmware
silabs/zm5304_firmware
Published May 17, 2022
Tracked Since Feb 18, 2026