Description
DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| silabs.com | Configuration Wizard 2 | affected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-50420 | DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
References
| Link | Providers |
|---|---|
| https://community.silabs.com/068Vm00000JUQwd |
|
History
Fri, 24 Jan 2025 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. | |
| Title | Uncontrolled search path can lead to DLL hijacking in Configuration Wizard 2 installer | |
| Weaknesses | CWE-427 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: Silabs
Published:
Updated: 2025-02-12T20:01:20.529Z
Reserved: 2024-10-03T18:21:38.374Z
Link: CVE-2024-9491
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2025-01-24T15:15:10.817
Modified: 2026-04-15T00:35:42.020
Link: CVE-2024-9491
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses