What the vulnerability does
01Description
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
CVE-2023-0971
CRITICAL
CVE-2023-0971: Command Authentication Bypass in Z/IP Gateway
CVSS base score
9.6/10
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
June 21, 2023
CVE published
December 6, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-48218 Strapi Protected Populate Plugin leaking fields if the request fields where empty or only fields selected where not populatable
CVE-2025-1540 Incorrect Authorization in GitLab
CVE-2025-12756 Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion
CVE-2023-35165 AWS CDK EKS overly permissive trust policies
CVE-2026-3236
