Skip to main content

Silicon Labs EmberZNet CVE-2026-47153

| EUVDEUVD-2026-39353 HIGH
Divide By Zero (CWE-369)
2026-06-25 Silabs GHSA-qmrv-48wx-3c53
7.1
CVSS 4.0 · Vendor: Silabs
Share

Severity by source

Vendor (Silabs) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Attacker must be a joined network device (PR:L) sending a Zigbee frame (AV:N), trivial to send (AC:L) with no UI; impact is a process crash only, so C:N/I:N/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Silabs).

CVSS VectorVendor: Silabs

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 14:33 vuln.today

DescriptionCVE.org

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

AnalysisAI

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows a device already joined to the Zigbee network to crash a target node by sending a malformed Level Control 'Step' command that triggers a divide-by-zero (CWE-369) fault and terminates the process. Only nodes implementing the Level Control cluster are affected, and exploitation requires the attacker to already be an authenticated member of the network (CVSS 4.0 PR:L, VA:H). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Join target Zigbee network as device
Delivery
Craft malformed Level Control Step command
Exploit
Send to node supporting Level Control cluster
Execution
Trigger divide-by-zero in ZCL handler
Impact
Process terminates, device offline

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) the attacker to control a device that has ALREADY successfully joined the target's Zigbee network (CVSS PR:L - not an outside or unauthenticated attacker), and (2) the target device to implement the Zigbee Level Control cluster; devices without that cluster are not impacted. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine but bounded availability risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already controls a device joined to the Zigbee network - for example a compromised or rogue end node - crafts a malformed Level Control 'Step' command with a parameter that forces a divide-by-zero and sends it to a target node supporting the Level Control cluster. The target's EmberZNet process faults and terminates, dropping the device offline until it is restarted. …
Remediation Patch available per vendor advisory: upgrade EmberZNet beyond v9.0.2 using the patched build from the Silicon Labs SiSDK release channel (https://github.com/SiliconLabsSoftware/sisdk-release/) and consult the advisory at https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4 for the exact fixed version, which was not specified in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Complete inventory of Silicon Labs EmberZNet devices in production, identifying all running v9.0.2 or earlier and documenting system criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-41094 CRITICAL
9.8 Oct 04

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Re

CVE-2022-24937 CRITICAL
9.8 Nov 14

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows

CVE-2022-24938 HIGH
7.5 Nov 14

A malformed packet causes a stack overflow in the Ember ZNet stack. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2026-47154 HIGH
7.1 Jun 25

Remote denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network devi

CVE-2026-47152 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined network device to

CVE-2026-47151 HIGH
7.1 Jun 25

Out-of-bounds memory writes in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allow an already-joined network

CVE-2026-47150 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet (Zigbee stack) versions 9.0.2 and earlier allows an already-joined network d

CVE-2026-47149 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device cras

CVE-2026-47148 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to

CVE-2026-47147 HIGH
7.1 Jun 25

Out-of-bounds read in the Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device

CVE-2026-47146 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device cras

CVE-2026-47145 HIGH
7.1 Jun 25

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to

Share

CVE-2026-47153 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy