PT-2023-27782 · Silicon · Silicon Labs Ember Znet Sdk
Published
2023-10-26
·
Updated
2024-09-25
·
CVE-2023-41096
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Silicon Labs Ember ZNet SDK versions 7.3.1 and earlier
Description
The issue allows potential modification or extraction of network credentials stored in flash due to missing encryption of security keys in the Silicon Labs Ember ZNet SDK on 32-bit, ARM (SecureVault High modules).
Recommendations
For versions 7.3.1 and earlier, update to a version that includes the necessary encryption for security keys to prevent potential modification or extraction of network credentials.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Encryption of Sensitive Data
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Silicon Labs Ember Znet Sdk