CVE-2023-5310 — Vulnetix

CVE-2023-5310 PUBLISHED CVSS 5.699999809265137 MEDIUM

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.

EPSS 0.08% · 23.8th percentile

Risk Scores

CVSS 3.1

5.699999809265137

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.08%

23.8th percentile

Affected Products

Vendor	Product	Versions
silabs	z-wave_software_development_kit	0, 0, 0
silabs.com	Gecko SDK	0, 0, 0

Exploit Intelligence

CIRCL seen: CVE-2023-5310 (circl-sighting)
https://github.com/SiliconLabs/gecko_sdk/releases (circl)
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1 (circl)

Timeline

Dec 15, 2023 CVE Published
Dec 16, 2023 EPSS Score
Jan 11, 2024 PoC Published
Jan 14, 2024 EPSS Score
Feb 12, 2024 EPSS Score
Mar 12, 2024 EPSS Score
Apr 11, 2024 EPSS Score
May 10, 2024 EPSS Score
Jun 8, 2024 EPSS Score
Jul 7, 2024 EPSS Score
Aug 5, 2024 EPSS Score
Sep 3, 2024 EPSS Score

References

Open in Interactive Console →