Skip to main content

EmberZNet CVE-2026-47148

| EUVDEUVD-2026-39403 HIGH
Out-of-bounds Read (CWE-125)
2026-06-25 Silabs GHSA-c3rx-2jmc-fr2c
7.1
CVSS 4.0 · Vendor: Silabs
Share

Severity by source

Vendor (Silabs) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable over Zigbee with low complexity, but attacker must be a joined network device (PR:L); impact is process termination only, so A:H with C:N/I:N.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Silabs).

CVSS VectorVendor: Silabs

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 14:30 vuln.today

DescriptionCVE.org

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

AnalysisAI

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash a target by sending malformed GetGroupMembership commands, which cause repeated out-of-bounds reads past the message payload and terminate the process. Only devices implementing the Groups cluster are affected, and no information leakage to the sender was observed despite the read primitive. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Join target Zigbee network as device
Delivery
Craft malformed GetGroupMembership command
Exploit
Send to Groups-cluster-capable node
Execution
Trigger out-of-bounds read past payload
Impact
Terminate target process (denial of service)

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to operate a device that has already successfully joined the target's Zigbee network (PR:L) - an outside/unjoined attacker cannot reach the handler - and the target must be an EmberZNet device that supports the ZCL Groups cluster. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are internally consistent and point to a moderate, availability-focused issue rather than a top-tier emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls or compromises a device already joined to the Zigbee network crafts a malformed GetGroupMembership command and sends it to a Groups-cluster-capable EmberZNet target. The over-read past the payload terminates the target's process, taking that node offline; repeating the message sustains the outage. …
Remediation Upgrade EmberZNet to a fixed release beyond 9.0.2 as published in the Silicon Labs SDK; a patch is available per the vendor advisory, but no exact fixed version string was provided in the source data, so confirm the precise patched build against the Silicon Labs advisory (https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1) and the SDK release tags at https://github.com/SiliconLabsSoftware/sisdk-release/ before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all EmberZNet deployments and identify devices running v9.0.2 or earlier that implement the Groups cluster. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-41094 CRITICAL
9.8 Oct 04

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Re

CVE-2022-24937 CRITICAL
9.8 Nov 14

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows

CVE-2022-24938 HIGH
7.5 Nov 14

A malformed packet causes a stack overflow in the Ember ZNet stack. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2026-47154 HIGH
7.1 Jun 25

Remote denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network devi

CVE-2026-47153 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows a device already joined to the Zigb

CVE-2026-47152 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined network device to

CVE-2026-47151 HIGH
7.1 Jun 25

Out-of-bounds memory writes in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allow an already-joined network

CVE-2026-47150 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet (Zigbee stack) versions 9.0.2 and earlier allows an already-joined network d

CVE-2026-47149 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device cras

CVE-2026-47147 HIGH
7.1 Jun 25

Out-of-bounds read in the Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device

CVE-2026-47146 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device cras

CVE-2026-47145 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to

Share

CVE-2026-47148 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy