Skip to main content

EmberZNet SDK CVE-2026-6432

| EUVDEUVD-2026-39411 MEDIUM
Improper Handling of Length Parameter Inconsistency (CWE-130)
2026-06-25 Silabs GHSA-2mwj-cc94-39wv
5.3
CVSS 4.0 · Vendor: Silabs
Share

Severity by source

Vendor (Silabs) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-reachable with PR:L per provided vector; crashes warrant A:L and memory leakage warrants C:L, contrary to the provided VA:N omission.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Silabs).

CVSS VectorVendor: Silabs

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 15:17 vuln.today

DescriptionCVE.org

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

AnalysisAI

Improper bounds validation in Silicon Labs EmberZNet SDK versions 9.0.2 and earlier exposes Zigbee-connected devices to crashes and dynamic memory leakage via network-reachable input. Authenticated network attackers can trigger the flaw with low complexity, resulting in denial-of-service conditions or unintended disclosure of heap contents. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain Zigbee network credentials or compromise existing node
Delivery
Join target PAN as authenticated member
Exploit
Craft frame with inconsistent length parameter
Execution
Send frame to vulnerable EmberZNet coordinator or router
Persist
Trigger bounds validation failure
Impact
Crash host process or leak heap memory contents

Vulnerability AssessmentAI

Exploitation Exploitation requires low-privilege network access - the CVSS 4.0 vector specifies PR:L, indicating the attacker must hold some form of authenticated access or established session on the Zigbee PAN before sending the malicious frame. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N) scores 5.3 (Medium) and captures the low-confidentiality impact of memory leakage, but omits any availability metric (VA:N) despite the description explicitly stating crashes are a possible outcome - this is a notable inconsistency that defenders should verify against the vendor advisory. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a Zigbee-capable radio and valid network credentials (or a compromised node on the same PAN) sends a crafted Zigbee protocol frame containing a length parameter that exceeds the allocated buffer size in the EmberZNet stack. The SDK's bounds validation fails to reject the inconsistency, resulting in either a crash of the host Zigbee process or a heap memory read that leaks dynamic allocation contents back to the attacker. …
Remediation Upgrade to a patched EmberZNet SDK release published in the SiliconLabsSoftware/sisdk-release repository (https://github.com/SiliconLabsSoftware/sisdk-release) beyond version 9.0.2; the exact fixed release version was not independently confirmed from the available data - consult the vendor advisory at https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pYDOwIAO?operationContext=S1 for the confirmed patch version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6432 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy