Vulnerability Description
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silabs | Z-Wave Software Development Kit | <= 7.20.2.0 |
| Silabs | Z-Wave Long Range 700 | - |
| Silabs | Z-Wave Long Range 800 | - |
Related Weaknesses (CWE)
References
- https://github.com/SiliconLabs/gecko_sdk/releasesRelease Notes
- https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0Permissions Required
- https://github.com/SiliconLabs/gecko_sdk/releasesRelease Notes
- https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0Permissions Required
FAQ
What is CVE-2023-5310?
CVE-2023-5310 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by de...
How severe is CVE-2023-5310?
CVE-2023-5310 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5310?
Check the references section above for vendor advisories and patch information. Affected products include: Silabs Z-Wave Software Development Kit, Silabs Z-Wave Long Range 700, Silabs Z-Wave Long Range 800.