THREATINT


PUBLISHED

CVE-2024-4013

Failure to update BT Mesh Replay Protection List

Reserved: 2024-04-19
Published: 2024-06-06
Updated: 2024-06-07

Description

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.



MEDIUM: 5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-404 Improper Resource Shutdown or Release

Product status

Default status: unaffected

3.1.0: affected

References

https://community.silabs.com/068Vm000006rR53 vendor-advisory permissions-required

https://github.com/SiliconLabs/gecko_sdk/releases product

cve.org CVE-2024-4013

nvd.nist.gov CVE-2024-4013
