CVE-2024-22472 HIGH

CVE-2024-22472: Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow

Vendor Silicon Labs
Product Z-Wave SDK
Weakness CWE-120
Published May 7, 2024
Last update August 1, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow denial of service and potential remote code execution. This issue affects all versions of the Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 Series Z-Wave devices.

Key dates

02 Disclosure timeline

May 7, 2024 CVE published
August 1, 2024 Record updated