CVE-2023-4489 MEDIUM

CVE-2023-4489: Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key

Vendor Silabs.com
Product Z/IP Gateway SDK
Weakness CWE-1279
Published December 14, 2023
Last update May 21, 2025

CVSS base score

6.4/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.

Key dates

02 Disclosure timeline

December 14, 2023 CVE published
May 21, 2025 Record updated