Lucene search
K

22 matches found

NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-47151

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...

7.1CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 p.m.4 views

CVE-2026-47145

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-47147

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-47146

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:42 p.m.24 views

CVE-2026-47153

CVE-2026-47153 affects the EmberZNet stack (v9.0.2 and earlier) where a malformed Level Control Step command can terminate the process via a divide-by-zero fault. The issue requires the sender to be a device that has already joined the network and impacts devices that support the Level Control cl...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 1:41 p.m.6 views

EUVD-2026-39407

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:39 p.m.4 views

EUVD-2026-39405

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:38 p.m.7 views

CVE-2026-47149

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 1:37 p.m.17 views

CVE-2026-47148

CVE-2026-47148 affects EmberZNet v9.0.2 and earlier. Malformed GetGroupMembership commands can trigger reads past the end of the message payload, potentially terminating the process. The impact is observed on devices that have already joined the network and that support the Groups cluster; no inf...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 1:37 p.m.4 views

EUVD-2026-39403

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:36 p.m.16 views

CVE-2026-47147

The CVE affects EmberZNet (v9.0.2 and earlier) where the OTA server raw parser fails to validate per-field bounds in OTA requests. This can cause out-of-bounds reads of a limited amount of RAM, with the leaked data size/location constrained; exploitation requires the requester to be an already-jo...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 1:35 p.m.22 views

CVE-2026-47146

CVE-2026-47146 affects EmberZNet v9.0.2 and earlier; malformed Color Control messages can trigger asserts that abort the process. Impact is limited to devices that have already joined the network and that support the Color Control cluster. The provided documents do not specify a patch version or ...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:35 p.m.33 views

CVE-2026-47146 Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:35 p.m.5 views

EUVD-2026-39400

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:34 p.m.30 views

CVE-2026-47145 Color Control hue/saturation assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:34 p.m.7 views

CVE-2026-47145

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 1:32 p.m.3 views

EUVD-2026-39396

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:32 p.m.32 views

CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:32 p.m.14 views

CVE-2026-4526

EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52400

Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed Over-the-Air OTA requests can cause the OTA server parser to perform out-of-bounds reads, which occurs when the software reads data outside the intended boundary of a buffer. This allows ...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder