CVE-2022-24611

MEDIUM

Silicon Labs Z-Wave 500 - DoS

Title source: llm

Description

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.

Exploits (1)

nomisec WRITEUP 2 stars

by ITSecLab-HSEL · poc

https://github.com/ITSecLab-HSEL/CVE-2022-24611

View Code ZIP pw:eip

References (2)

Core 2

Core References

Not Applicable x_refsource_misc

http://z-wave.com

Third Party Advisory x_refsource_misc

https://github.com/ITSecLab-HSEL/CVE-2022-24611

Scores

CVSS v3 6.5

EPSS 0.0025

EPSS Percentile 48.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (5)

silabs/sd3502_firmware

silabs/sd3503_firmware

silabs/zm5101_firmware

silabs/zm5202_firmware

silabs/zm5304_firmware

Published May 17, 2022

Tracked Since Feb 18, 2026