CVE-2023-2747— Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-2747
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
Source: NVD (National Vulnerability Database)
Vulnerability Description
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1204
Source: NVD (National Vulnerability Database)
Vulnerability Title
Silicon Labs Gecko SDK 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Silicon Labs Gecko SDK(GSDK)是Silicon Labs开源的一个库。将 Silicon Labs 无线软件开发工具包(SDK)和 Gecko 平台结合为一个集成的软件包。 Silicon Labs Gecko SDK存在安全漏洞,该漏洞源于向量未初始化。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| silabs.com | GSDK | 2.0.0 ~ 2.2.1 | - |
II. Public POCs for CVE-2023-2747
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-2747
请登录查看更多情报信息。
Same Patch Batch · silabs.com · 2023-06-15 · 3 CVEs total
| CVE-2023-2686 | 9.8 CRITICAL | Silicon Labs Gecko SDK 安全漏洞 |
| CVE-2023-2683 | 5.3 MEDIUM | Connection update while closing connection may lead to denial-of-service |
IV. Related Vulnerabilities
Same product: GSDK
- CVE-2024-22473
Uninitialized TRNG used for ECDSA after EM2/EM3 sleep for VS - CVE-2024-0240
Silicon Labs EFR32 Bluetooth stack denial of service when se - CVE-2023-6874
Zigbee Unauthenticated DoS via NWK Sequence number manipulat - CVE-2023-6387
Incorrect buffer parsing in Bluetooth LE sample code may lea - CVE-2023-5138
Glitch detection not active by default in Silicon Labs Secur
Same vendor: silabs.com
- CVE-2025-11571
Command Execution vulnerability in Simplicity Installer - CVE-2025-14055
Integer underflow in Secure NCP host - CVE-2025-14547
ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA - CVE-2026-0619
Integer Wraparound DoS in Silicon Labs Matter Implementation - CVE-2025-11004
Reflected XSS vulnerability in Simplicity Device Manager too
V. Comments for CVE-2023-2747
No comments yet