Aggregates CVE and security vulnerability intelligence across all Shelly-related products, including CVSS scores, EPSS percentages, publication dates, and other vulnerability intelligence data.
Common weakness patterns include buffer overflow and memory corruption, with potential impacts including application crash and memory corruption across software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-42144 | Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | [email protected] | 5.5 | 0.04% | 2024-01-23 | 2025-06-20 |
| CVE-2023-42143 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. | [email protected] | 5.4 | 0.08% | 2024-01-23 | 2025-05-30 |
| CVE-2023-33383 | Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. | [email protected] | 5.3 | 0.56% | 2023-08-02 | 2024-11-21 |