First published: Wed Jun 21 2023
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
Credit: product-security@silabs.com
Affected Software | Affected Version | How to fix |
---|---|---|
SiLabs Z/IP Gateway SDK | <=7.18.01 | |
The severity of CVE-2023-0971 is critical with a CVSS score of 8.8.
CVE-2023-0971 is a logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier that allows authentication to be bypassed.
An attacker exploiting CVE-2023-0971 can remotely administer Z-Wave controllers and recover S0/S2 encryption keys.
The affected software for CVE-2023-0971 is SiLabs Z/IP Gateway SDK versions up to and including 7.18.02.
To fix CVE-2023-0971, it is recommended to update to SiLabs Z/IP Gateway SDK version 7.18.03 or later.