Silicon Labs Command Execution Vulnerability via User-Controlled JSON URLs

Vulnerability

A vulnerability exists in certain Silicon Labs endpoints that accept user-controlled input through URLs in JSON format, allowing for command execution. The executed commands can open executables, but cannot include parameters or arguments. This vulnerability requires the attacker to be on the same network.

Impact

Exploitation of this vulnerability allows for unauthorized command execution, with the potential to open executables on the affected system.

Added: Mar 24, 2026, 5:22 PM
Updated: Mar 24, 2026, 5:22 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.