This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
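The description above is the classic CWE-120 shape: a command handler takes a caller-supplied argument, copies it into a fixed-size stack buffer, and never compares the argument's length against the buffer. The following is an added illustration of that pattern and of the bounded version that prevents it; it is constructed example code, not Gecko OS source. The argument layout (`http_download <url> <file>`), the buffer sizes, and the function names are assumptions made for the example.

```c
/* Added example, not Gecko OS code: a command handler that copies a
 * user-supplied argument into a fixed stack buffer without a length check
 * (CWE-120), next to a bounded version. The "http_download <url> <file>"
 * layout, buffer sizes and function names are assumptions. */
#include <stdio.h>
#include <string.h>

#define URL_MAX  64   /* assumed stack buffer size for the URL */
#define FILE_MAX 32   /* assumed stack buffer size for the destination path */

enum { DL_OK = 0, DL_ERR_SYNTAX = -1, DL_ERR_TOO_LONG = -2 };

struct dl_args {
    char url[URL_MAX];
    char file[FILE_MAX];
};

/* Vulnerable shape: the first argument goes through strcpy() into a 64-byte
 * stack buffer, so any argument of 64 bytes or more overwrites whatever
 * follows the buffer in the frame. Shown only to illustrate the defect;
 * never feed it untrusted input. */
int http_download_vulnerable(const char *line)
{
    char url[URL_MAX];
    const char *arg = strchr(line, ' ');
    if (arg == NULL)
        return DL_ERR_SYNTAX;
    strcpy(url, arg + 1);        /* no length check before the copy */
    return DL_OK;                /* a real handler would now fetch url */
}

/* Copy exactly `len` bytes of a token into dst, refusing anything that does
 * not fit together with its terminator. This is the check the vulnerable
 * version lacks. */
static int copy_token(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len == 0)
        return DL_ERR_SYNTAX;
    if (len >= dst_size)
        return DL_ERR_TOO_LONG;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return DL_OK;
}

/* Hardened version: each token is measured and bounded before it is copied,
 * so an over-long URL or path is rejected instead of overflowing. */
int http_download_fixed(const char *line, struct dl_args *out)
{
    struct dl_args tmp;
    const char *url = strchr(line, ' ');
    if (url == NULL)
        return DL_ERR_SYNTAX;
    url++;

    const char *sep = strchr(url, ' ');
    size_t url_len = sep ? (size_t)(sep - url) : strlen(url);
    int rc = copy_token(tmp.url, sizeof tmp.url, url, url_len);
    if (rc != DL_OK)
        return rc;

    if (sep != NULL) {
        rc = copy_token(tmp.file, sizeof tmp.file, sep + 1, strlen(sep + 1));
        if (rc != DL_OK)
            return rc;
    } else {
        tmp.file[0] = '\0';
    }

    if (out != NULL)
        *out = tmp;
    return DL_OK;
}

/* Constructed well-formed command: returns 1 if both tokens parse intact. */
int demo_parse_ok(void)
{
    struct dl_args a;
    if (http_download_fixed("http_download http://host/fw.bin /fw.bin", &a) != DL_OK)
        return 0;
    return strcmp(a.url, "http://host/fw.bin") == 0 && strcmp(a.file, "/fw.bin") == 0;
}

/* Constructed 200-byte URL, the kind of input that would overrun the
 * vulnerable handler's 64-byte buffer; the hardened handler rejects it. */
int demo_overlong_url(void)
{
    char line[240] = "http_download ";
    size_t prefix = strlen(line);
    memset(line + prefix, 'A', 200);
    line[prefix + 200] = '\0';
    return http_download_fixed(line, NULL);
}

int main(void)
{
    printf("well-formed parse ok: %d\n", demo_parse_ok());
    printf("over-long url rc: %d (expect %d)\n", demo_overlong_url(), DL_ERR_TOO_LONG);
    return 0;
}
```

The bounded version also checks the destination path, since the same unchecked-copy defect applies to every argument the handler stores on the stack, not just the one the advisory names.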
History

Mon, 07 Jul 2025 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Silabs Silabs gecko Os | |
| CPEs | cpe:2.3:o:silabs:gecko_os:*:*:*:*:*:*:*:* | |
| Vendors & Products | Silabs Silabs gecko Os | |
Fri, 31 Jan 2025 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-120 | |
| Metrics | cvssV3_1 | |
Thu, 30 Jan 2025 23:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. | |
| Title | Silicon Labs Gecko OS http_download Stack-based Buffer Overflow | |
| References | | |
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2025-01-30T23:25:00.944Z
Updated: 2025-08-27T15:37:51.986Z
Reserved: 2024-01-27T11:52:56.192Z
Link: CVE-2024-24731

Vulnrichment
Updated: 2025-01-31T18:52:58.209Z

NVD
Status: Analyzed
Published: 2025-01-31T00:15:10.137
Modified: 2025-09-30T18:09:00.597
Link: CVE-2024-24731

Redhat
No data.