Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent radio attack with no privileges/UI; predictable keys break confidentiality and enable device impersonation (I:H) affecting downstream connected systems, hence scope change S:C; no availability impact.
Primary rating from Vendor (Silabs).
CVSS VectorVendor: Silabs
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
AnalysisAI
Predictable cryptographic key generation in Silicon Labs EFR32xG27 wireless SoCs stems from incorrect use of the on-chip PUF (Physical Unclonable Function) when deriving user keys, allowing an adjacent attacker to anticipate or reconstruct keys that should be unique and secret. Affected firmware built with the Silicon Labs SiSDK loses the confidentiality and authentication guarantees of derived keys. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target's user keys were generated using the affected EFR32xG27 PUF-based key-generation path in the vulnerable SiSDK - devices provisioned/keyed with the flawed code are the vulnerable population. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/SI:H, base 8.4 High) indicates an adjacent-network, low-complexity attack requiring no privileges or user interaction, with high confidentiality impact and high impact to subsequent (downstream/connected) systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker within wireless range of an EFR32xG27-based device predicts or reconstructs the device's user key by exploiting the flawed PUF-based key generation, then decrypts intercepted communications or impersonates the device to connected systems. No public POC is known, so the attacker must perform device-specific cryptanalysis informed by the disclosed flaw rather than run an off-the-shelf exploit; the low attack complexity (AC:L) means no special timing or race conditions are required once adjacency is achieved. |
| Remediation | Apply the Silicon Labs fix by updating to the patched SiSDK from the official release repository (https://github.com/SiliconLabsSoftware/sisdk-release) and consult the vendor advisory (https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000kDYsfIAG?operationContext=S1) for the exact fixed version and any required key re-provisioning steps - the input confirms a patch is available but does not name an exact fixed version, so verify it in the advisory rather than assuming. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all devices using EFR32xG27 SoCs and identify current SiSDK firmware versions in production; contact Silicon Labs for patch availability and compatibility assessment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39394
GHSA-f2cj-j66g-55wj