Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values
AnalysisAI
Hardware random number generator (HRNG) in Silicon Labs RS9116 SDK versions up to 2.13.1 produces predictable cryptographic values when the wireless module operates in power save mode, enabling adjacent attackers with user interaction to compromise encrypted communications and authentication mechanisms. Vendor patch available via GitHub; no active exploitation confirmed but cryptographic weakness poses high risk to WiFi/Bluetooth IoT deployments relying on the affected module's entropy source.
Technical ContextAI
The RS9116 is a WiFi/Bluetooth combo wireless module from Silicon Labs targeting IoT applications. This vulnerability (CWE-332: Insufficient Entropy) affects the hardware random number generator (HRNG) component within the RS9116 SDK. When power save mode is enabled-a common configuration to extend battery life in IoT devices-timing constraints on the HRNG's operation introduce deterministic patterns in the generated random values. Cryptographic operations requiring entropy (key generation, nonce creation, session token generation) become predictable, fundamentally breaking the security assumptions of encryption, authentication protocols like WPA2/WPA3, and Bluetooth pairing. The affected product identified by CPE cpe:2.3:a:silicon_labs:rs9116_sdk:*:*:*:*:*:*:*:* encompasses all SDK versions through 2.13.1.
RemediationAI
Upgrade to RS9116 SDK version 2.13.2 or later, which addresses the HRNG timing vulnerability in power save mode. Patched firmware and SDK components are available from the Silicon Labs WiseConnect GitHub repository at https://github.com/SiliconLabs/wiseconnect-wifi-bt-sdk/. Consult the vendor advisory at https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000nIg6IIAS for migration guidance and compatibility notes. If immediate patching is not feasible, DISABLE POWER SAVE MODE on RS9116 modules to eliminate timing constraints on the HRNG-this trades increased power consumption for restored entropy quality and is suitable for mains-powered deployments but degrades battery life in portable devices. Additionally, implement application-layer cryptographic key diversification using external entropy sources (host MCU TRNG, server-provided session material) to reduce reliance on the module's HRNG-this requires application code changes and does not fully mitigate the vulnerability but provides defense-in-depth. Audit existing deployed devices for power save configuration and prioritize firmware updates for battery-operated units in security-sensitive roles.
Same weakness CWE-332 – Insufficient Entropy in PRNG
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30381
GHSA-rjvv-82rg-ppqh