THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-4013

Failure to update BT Mesh Replay Protection List

AssignerSilabs
Reserved2024-04-19
Published2024-06-06
Updated2024-06-07

Description

A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#.



MEDIUM: 5.6CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-404 Improper Resource Shutdown or Release

Product status

Default status
unaffected

3.1.0
affected

References

https://community.silabs.com/068Vm000006rR53 vendor-advisory permissions-required

https://github.com/SiliconLabs/gecko_sdk/releases product

cve.org CVE-2024-4013

nvd.nist.gov CVE-2024-4013

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-4013
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +