CVE-2023-0971

Summary

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

Affected Software

VendorProductVersion RangeStatus
Silicon LabsZ/IP Gateway7.18.03unaffected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization
  • CWE-268: CWE-268 Privilege Chaining

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References