Remote code execution

2020-08-2001:17:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.

CPENameOperatorVersion
bluetooth_low_energy_software_development_kitlt2.13.3.0

CPE	Name	Operator	Version
	bluetooth_low_energy_software_development_kit	lt	2.13.3.0

References

github.com/darkmentorllc/jackbnimble/blob/master/host/pocs/silabs_efr32_extadv_rce.py

github.com/darkmentorllc/publications/tree/master/2020/TI_SILABS_BLE_RCEs

www.blackhat.com/us-20/briefings/schedule/

www.youtube.com/watch?v=saoTr1NwdzM