CVE-2022-24611
MEDIUMSilicon Labs Z-Wave 500 Series Firmware - Denial of Service via S0 NonceGet Packet NodeID Spoofing
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-24611. PoCs published by ITSecLab-HSEL.
AI-analyzed exploit summary This repository provides a detailed description of CVE-2022-24611, a Denial of Service (DoS) vulnerability affecting Z-Wave S0 and S2 devices. The attack leverages spoofed S0 NonceGet requests to block Z-Wave gateways from issuing new nonces, rendering the network unusable.
Description
Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.
Exploits (1)
This repository provides a detailed description of CVE-2022-24611, a Denial of Service (DoS) vulnerability affecting Z-Wave S0 and S2 devices. The attack leverages spoofed S0 NonceGet requests to block Z-Wave gateways from issuing new nonces, rendering the network unusable.
References (2)
Scores
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H