Primary

Context

Shelly Pro 3EM Out-of-Bounds Read Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the Shelly Pro 3EM smart device, affecting versions prior to 1.4.4. This vulnerability allows for buffer over-read, which can be exploited to cause an arbitrary reboot of the device, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability allows an unauthenticated attacker to arbitrarily reboot the device, causing a denial-of-service condition.

Remediation

It is recommended to segregate the device in a dedicated and protected network until a software patch is released.

Added: Nov 19, 2025, 7:22 AM

Updated: Nov 19, 2025, 7:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Shelly Pro 3EM Out-of-Bounds Read Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating