CVE-2023-6874

7.5 HIGH

📋 TL;DR

CVE-2023-6874 is a denial of service vulnerability in Silicon Labs Ember ZNet wireless networking stack versions before 7.4.0. Attackers can manipulate NWK sequence numbers to cause network disruption or device crashes. This affects IoT devices using Ember ZNet for Zigbee/Thread networking.

💻 Affected Systems

Products:
  • Silicon Labs Ember ZNet wireless networking stack
Versions: All versions prior to 7.4.0
Operating Systems: Embedded systems using Silicon Labs wireless chips
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Ember ZNet for Zigbee or Thread networking protocols.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete network disruption rendering IoT devices unresponsive, requiring physical reset or network reconfiguration.

🟠 Likely Case

Temporary network instability causing intermittent device disconnections and degraded performance.

🟢 If Mitigated

Minimal impact when the network is properly segmented and monitoring detects anomalous sequence number patterns.

🌐 Internet-Facing: MEDIUM - Requires network access but IoT devices often have limited security controls.
🏢 Internal Only: HIGH - Internal attackers can easily disrupt critical IoT networks like building automation or industrial controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network access but no authentication. Sequence number manipulation is straightforward for attackers with network visibility.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.0 and later

Vendor Advisory: https://community.silabs.com/069Vm000000WXaOIAW

Restart Required: Yes

Instructions:

1. Update to Ember ZNet SDK version 7.4.0 or later.
2. Recompile firmware with updated SDK.
3. Deploy updated firmware to affected devices.
4. Restart devices to apply changes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate IoT networks from general corporate networks to limit attack surface

Traffic Monitoring

all

Monitor for anomalous NWK sequence number patterns in network traffic

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with IoT devices
  • Deploy network monitoring to detect and alert on sequence number manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check Ember ZNet SDK version in device firmware. Versions below 7.4.0 are vulnerable.

Check Version:

Device-specific command varies by manufacturer. Typically requires accessing device management interface or checking firmware version.

Verify Fix Applied:

Confirm device is running firmware compiled with Ember ZNet SDK 7.4.0 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device resets
  • Network join failures
  • Sequence number anomalies in network logs

Network Indicators:

  • Unusual NWK sequence number patterns
  • Excessive network layer retransmissions
  • Abnormal network traffic to IoT devices

SIEM Query:

Search for: device_type="IoT" AND (event_type="reset" OR event_type="disconnect") AND (protocol="Zigbee" OR protocol="Thread")
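
One way to implement the "anomalous NWK sequence number patterns" monitoring listed above, as an added example that is not part of the advisory or of any Silicon Labs code. It assumes frames have already been decoded from a sniffer capture into (timestamp, NWK source address, sequence number) tuples; the thresholds and sample frames are constructed, and because the page does not say what pattern the attack produces, the check only flags implausible per-source jumps.

```python
from collections import defaultdict

SEQ_MOD = 256    # the Zigbee NWK sequence number is a single octet and wraps
MAX_STEP = 32    # assumed tolerance for frames the sniffer missed
ALERT_AFTER = 3  # assumed number of anomalies per source before alerting

# Constructed sample frames: (timestamp_s, nwk_source_addr, nwk_seq)
SAMPLE = [
    (0.0, 0x1A2B, 250), (0.1, 0x3C4D, 10), (0.5, 0x1A2B, 251), (0.6, 0x3C4D, 11),
    (1.0, 0x1A2B, 252), (1.1, 0x3C4D, 140), (1.5, 0x1A2B, 253), (1.5, 0x1A2B, 253),
    (1.6, 0x3C4D, 12), (2.0, 0x1A2B, 254), (2.1, 0x3C4D, 200), (2.5, 0x1A2B, 255),
    (2.6, 0x3C4D, 13), (3.0, 0x1A2B, 0), (3.1, 0x3C4D, 14), (3.5, 0x1A2B, 1),
]

def forward_delta(prev, cur):
    """Distance from prev to cur counting forward, modulo the 8-bit wrap."""
    return (cur - prev) % SEQ_MOD

def find_anomalies(frames, max_step=MAX_STEP):
    """Return (ts, src, prev_seq, seq, delta) for each implausible jump."""
    last_seq = {}
    anomalies = []
    for ts, src, seq in frames:
        prev = last_seq.get(src)
        if prev is not None:
            delta = forward_delta(prev, seq)
            if delta == 0:
                continue  # same frame heard again (relay or retransmission)
            # A backward step shows up as a large forward delta after the wrap.
            if delta > max_step:
                anomalies.append((ts, src, prev, seq, delta))
        last_seq[src] = seq
    return anomalies

def sources_to_alert(frames, alert_after=ALERT_AFTER):
    """Sources whose anomaly count reaches the alert threshold."""
    counts = defaultdict(int)
    for _ts, src, _prev, _seq, _delta in find_anomalies(frames):
        counts[src] += 1
    return sorted(src for src, n in counts.items() if n >= alert_after)

if __name__ == "__main__":
    for ts, src, prev, seq, delta in find_anomalies(SAMPLE):
        print(f"t={ts:.1f}s src=0x{src:04X} seq {prev} -> {seq} (delta {delta})")
    print("alert:", [f"0x{s:04X}" for s in sources_to_alert(SAMPLE)])
```

Tune `MAX_STEP` and `ALERT_AFTER` against a baseline capture of the network, since sniffer loss rates differ between sites.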
