Description
The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
References (1)
Core 1
Core References
Various Sources
https://community.silabs.com/068Vm0000029Xq5
Scores
CVSS v3
8.8
EPSS
0.0006
EPSS Percentile
18.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-125
CWE-787
Status
published
Products (4)
Silicon Labs/Z-Wave SDK
7.17.5
Silicon Labs/Z-Wave SDK
7.18.8
Silicon Labs/Z-Wave SDK
7.19.3
Silicon Labs/Z-Wave SDK
7.20.0
Published
Mar 07, 2024
Tracked Since
Feb 18, 2026