Skip to main content

Emberznet

14 CVEs product

Monthly

CVE-2026-47154 HIGH PATCH This Week

Remote denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash the target by sending a malformed Simple Metering GetProfileResponse message that triggers an out-of-bounds read while iterating interval entries, terminating the process. Exploitation requires the attacker to be an authenticated member of the Zigbee network and only affects devices implementing the Simple Metering cluster. No public exploit identified at time of analysis, and no information leakage back to the sender was observed.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47153 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows a device already joined to the Zigbee network to crash a target node by sending a malformed Level Control 'Step' command that triggers a divide-by-zero (CWE-369) fault and terminates the process. Only nodes implementing the Level Control cluster are affected, and exploitation requires the attacker to already be an authenticated member of the network (CVSS 4.0 PR:L, VA:H). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47152 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined network device to crash the host process via a malformed Level Control 'Move' command that triggers a divide-by-zero fault. Only deployments where the target device supports the Level Control cluster are affected, and exploitation requires the attacker to be an authenticated member of the Zigbee network (PR:L). No public exploit identified at time of analysis; this is not on CISA KEV.

Information Disclosure Emberznet
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47151 HIGH PATCH This Week

Out-of-bounds memory writes in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allow an already-joined network device to corrupt Door Lock schedule state by sending malformed ClearWeekdaySchedule messages. Only devices implementing the Door Lock cluster are affected, and the corruption is bounded in size and location, primarily threatening availability/integrity rather than data disclosure. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Emberznet
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47150 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) versions 9.0.2 and earlier allows an already-joined network device to crash the host process by sending malformed IAS Zone enrollment messages, which trigger an out-of-bounds write to the state table. Only nodes that support the IAS Zone (security sensor) cluster are affected, and the attacker must already hold a valid place on the Zigbee network (PR:L). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47149 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash the target by sending Door Lock cluster messages containing malformed or out-of-range user identifiers, which trigger an out-of-bounds table read (CWE-125) that terminates the process. Only devices that implement the Door Lock cluster are affected, and no data is leaked back to the sender. There is no public exploit identified at time of analysis, and the issue is not in CISA KEV.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47148 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash a target by sending malformed GetGroupMembership commands, which cause repeated out-of-bounds reads past the message payload and terminate the process. Only devices implementing the Groups cluster are affected, and no information leakage to the sender was observed despite the read primitive. There is no public exploit identified at time of analysis, no CISA KEV listing, and the impact is availability-only (process termination), not code execution or data disclosure.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47147 HIGH PATCH This Week

Out-of-bounds read in the Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device send malformed Over-The-Air (OTA) update requests that drive the OTA Server cluster parser past buffer boundaries, leaking a small, size- and location-limited amount of RAM back to the requester and potentially disrupting the OTA service. Only nodes that implement the OTA Server cluster are affected, and exploitation requires prior network membership (PR:L authenticated). No public exploit is identified and the CVE is not in CISA KEV; the CVSS 4.0 base score of 7.1 is driven mainly by high availability impact (VA:H) rather than data theft.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47146 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash a target by sending malformed Color Control cluster messages that trip a reachable assertion and terminate the process. Only devices implementing the Color Control cluster (typically color-capable lighting) are affected, and the attacker must already be a member of the Zigbee network. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-47145 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash the target by sending malformed Color Control cluster messages, which trigger a reachable assertion that terminates the process. Only devices implementing the Color Control cluster (typically Zigbee lighting/color-capable nodes and coordinators) are affected. Vendor-rated CVSS 4.0 7.1 with availability-only impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-4526 HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined Zigbee device to crash the process by sending malformed global ZCL (Zigbee Cluster Library) messages that trigger out-of-bounds reads in the framework parsing logic. The flaw affects availability only - no information leakage back to the sender was observed despite the dataset's 'Information Disclosure' tag. A vendor patch is available, and there is no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2023-41094 CRITICAL Act Now

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emberznet
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-24938 HIGH This Week

A malformed packet causes a stack overflow in the Ember ZNet stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24937 CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Remote denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash the target by sending a malformed Simple Metering GetProfileResponse message that triggers an out-of-bounds read while iterating interval entries, terminating the process. Exploitation requires the attacker to be an authenticated member of the Zigbee network and only affects devices implementing the Simple Metering cluster. No public exploit identified at time of analysis, and no information leakage back to the sender was observed.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows a device already joined to the Zigbee network to crash a target node by sending a malformed Level Control 'Step' command that triggers a divide-by-zero (CWE-369) fault and terminates the process. Only nodes implementing the Level Control cluster are affected, and exploitation requires the attacker to already be an authenticated member of the network (CVSS 4.0 PR:L, VA:H). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined network device to crash the host process via a malformed Level Control 'Move' command that triggers a divide-by-zero fault. Only deployments where the target device supports the Level Control cluster are affected, and exploitation requires the attacker to be an authenticated member of the Zigbee network (PR:L). No public exploit identified at time of analysis; this is not on CISA KEV.

Information Disclosure Emberznet
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds memory writes in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allow an already-joined network device to corrupt Door Lock schedule state by sending malformed ClearWeekdaySchedule messages. Only devices implementing the Door Lock cluster are affected, and the corruption is bounded in size and location, primarily threatening availability/integrity rather than data disclosure. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Emberznet
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) versions 9.0.2 and earlier allows an already-joined network device to crash the host process by sending malformed IAS Zone enrollment messages, which trigger an out-of-bounds write to the state table. Only nodes that support the IAS Zone (security sensor) cluster are affected, and the attacker must already hold a valid place on the Zigbee network (PR:L). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Emberznet
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash the target by sending Door Lock cluster messages containing malformed or out-of-range user identifiers, which trigger an out-of-bounds table read (CWE-125) that terminates the process. Only devices that implement the Door Lock cluster are affected, and no data is leaked back to the sender. There is no public exploit identified at time of analysis, and the issue is not in CISA KEV.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash a target by sending malformed GetGroupMembership commands, which cause repeated out-of-bounds reads past the message payload and terminate the process. Only devices implementing the Groups cluster are affected, and no information leakage to the sender was observed despite the read primitive. There is no public exploit identified at time of analysis, no CISA KEV listing, and the impact is availability-only (process termination), not code execution or data disclosure.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device send malformed Over-The-Air (OTA) update requests that drive the OTA Server cluster parser past buffer boundaries, leaking a small, size- and location-limited amount of RAM back to the requester and potentially disrupting the OTA service. Only nodes that implement the OTA Server cluster are affected, and exploitation requires prior network membership (PR:L authenticated). No public exploit is identified and the CVE is not in CISA KEV; the CVSS 4.0 base score of 7.1 is driven mainly by high availability impact (VA:H) rather than data theft.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) lets an already-joined network device crash a target by sending malformed Color Control cluster messages that trip a reachable assertion and terminate the process. Only devices implementing the Color Control cluster (typically color-capable lighting) are affected, and the attacker must already be a member of the Zigbee network. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet Zigbee stack (v9.0.2 and earlier) allows an already-joined network device to crash the target by sending malformed Color Control cluster messages, which trigger a reachable assertion that terminates the process. Only devices implementing the Color Control cluster (typically Zigbee lighting/color-capable nodes and coordinators) are affected. Vendor-rated CVSS 4.0 7.1 with availability-only impact; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure Emberznet
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Silicon Labs EmberZNet (Zigbee stack) v9.0.2 and earlier allows an already-joined Zigbee device to crash the process by sending malformed global ZCL (Zigbee Cluster Library) messages that trigger out-of-bounds reads in the framework parsing logic. The flaw affects availability only - no information leakage back to the sender was observed despite the dataset's 'Information Disclosure' tag. A vendor patch is available, and there is no public exploit identified at time of analysis.

Buffer Overflow Information Disclosure Emberznet
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emberznet
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A malformed packet causes a stack overflow in the Ember ZNet stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy