What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2023-41094.

What is the severity of CVE-2023-41094?

The severity of CVE-2023-41094 is critical with a CVSS score of 9.8.

What software is affected by this vulnerability?

The affected software is Silabs Emberznet versions 7.1.3 to 7.1.5 and 7.2.0 to 7.2.3.

How can this vulnerability be fixed?

There is currently no known fix for this vulnerability. It is recommended to follow the suggestions provided by the vendor.

Vulnerability/
CVE-2023-41094

critical

CWE

672 772 940

4/10/2023

26/9/2024

CVE-2023-41094: Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet

Q: What is the title of this vulnerability?

The title of this vulnerability is TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime.

First published: Wed Oct 04 2023(Updated: )

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

Credit: product-security@silabs.com product-security@silabs.com

Affected Software	Affected Version	How to fix
Silabs Emberznet	>=7.1.3<=7.1.5
Silabs Emberznet	>=7.2.0<=7.2.3

Never miss a vulnerability like this again

Reference Links

https://community.silabs.com/0688Y00000aIPzL

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-41094.
What is the title of this vulnerability?
The title of this vulnerability is TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime.
What is the severity of CVE-2023-41094?
The severity of CVE-2023-41094 is critical with a CVSS score of 9.8.
What software is affected by this vulnerability?
The affected software is Silabs Emberznet versions 7.1.3 to 7.1.5 and 7.2.0 to 7.2.3.
How can this vulnerability be fixed?
There is currently no known fix for this vulnerability. It is recommended to follow the suggestions provided by the vendor.

collector/nvd-index
agent/author
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/silabs
canonical/silabs emberznet
version/silabs emberznet/7.1.3
version/silabs emberznet/7.1.5
version/silabs emberznet/7.2.0
version/silabs emberznet/7.2.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.