CVE-2023-41094
04.10.2023, 21:15
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffectedEnginsight
| Vendor | Product | Version |
|---|---|---|
| silabs | emberznet | 7.1.3 ≤ 𝑥 ≤ 7.1.5 |
| silabs | emberznet | 7.2.0 ≤ 𝑥 ≤ 7.2.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-940 - Improper Verification of Source of a Communication ChannelThe software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
- CWE-672 - Operation on a Resource after Expiration or ReleaseThe software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.