CVE-2024-24731

EPSS 0.13%
Published 31.01.2025 00:15:10
Last modified 30.09.2025 18:09:00
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Silabs ≫ Gecko Os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.334

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://community.silabs.com/a45Vm0000000Atp

Permissions Required

https://www.zerodayinitiative.com/advisories/ZDI-24-870/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-24731

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24731

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24731

EUVD