Description
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.
References
- Third Party Advisory
- Permissions Required
- Third Party Advisory
- Permissions Required
Vulnerable configurations
Configuration 1: version up to 7.18.03 (inclusive)
cpe:2.3:a:silabs:z\/ip_gateway_sdk:*:*:*:*:*:*:*:*
EPSS
Percentile: 71%
0.00692
Low
6.4 Medium
CVSS3
9.8 Critical
CVSS3
Weaknesses
CWE-1279
CWE-908
Related vulnerabilities
CVSS3: 6.4
github
about 2 years ago
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.