Home

Description

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.

PUBLISHED Reserved 2025-09-11 | Published 2025-12-04 | Updated 2025-12-05 | Assigner Silabs




HIGH: 7.4CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

Any version before 0.100.18
affected

References

community.silabs.com/a45Vm0000003UcfIAE vendor-advisory permissions-required

cve.org (CVE-2025-10285)

nvd.nist.gov (CVE-2025-10285)