CVE-2022-24611

Published: 17/05/2022 Updated: 26/05/2022
CVSS v2 Base Score: 6.1 | Impact Score: 6.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 543
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local malicious users to block an S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs.

Vulnerable Product

silabs zm5202_firmware -

silabs zm5101_firmware -

silabs sd3503_firmware -

silabs sd3502_firmware -

silabs zm5304_firmware -

Github Repositories

Details regarding the Z-Wave S0-No-More attack

CVE-2022-24611: Details regarding the Z-Wave S0-No-More attack. For a full analysis and report how this works and how to reproduce the findings, see the attached PDF file. Short description: Denial of Service attack against S0 and S2 devices (tested with the Z-Wave ZW5xx product line), here specifically Z-Wave enabled Amazon Ring Gen 1 devices. An attacker can use the S0 Nonc