Description
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
References (1)
Core 1
Core References
Various Sources vendor-advisory
permissions-required
https://community.silabs.com/a45Vm0000003UcfIAE
Scores
CVSS v4
7.4
EPSS
0.0015
EPSS Percentile
4.8%
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (1)
silabs.com/Simplicity Studio V6
< 0.100.18
Published
Dec 04, 2025
Tracked Since
Feb 18, 2026