Lucene search
K
SilabsEmberznet

17 matches found

CVE
CVE
•added 2024/02/23 7:14 p.m.•95 views

CVE-2023-51393

CVE-2023-51393 affects Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered with Gecko SDK v4.4.0). The root cause is an allocation of resources without limits, causing uncontrolled resource consumption that can trigger a bus fault and crash the device, requiring a reboot to rejoin the networ...

7.5CVSS5.2AI score0.00515EPSS
CVE
CVE
•added 2024/02/23 7:13 p.m.•91 views

CVE-2023-51394

CVE-2023-51394 affects Silicon Labs Ember ZNet SDK prior to v7.4.0. In high-traffic environments, a NULL pointer dereference can cause a system crash. The issue, per the CVE records, is tied to Ember ZNet SDK versions before 7.4.0, with a remediation path to update to 7.4.0 or later. Public docum...

7.5CVSS5.2AI score0.00515EPSS
CVE
CVE
•added 2024/02/23 4:12 p.m.•82 views

CVE-2023-51392

Summary: CVE-2023-51392 affects Silicon Labs EmberZNet v7.2.0–v7.4.0 where software AES-CCM is used instead of hardware-accelerated cryptography, potentially enabling side-channel risks (electromagnetic and differential power analysis). The connected sources specify Ember ZNet and related advisor...

9.8CVSS6.4AI score0.00244EPSS
CVE
CVE
•added 2022/11/14 5:22 p.m.•70 views

CVE-2022-24937

Silicon Labs Ember ZNet (Zigbee stack) is affected by CVE-2022-24937, a vulnerability described as Improper Restriction of Operations within the Bounds of a Memory Buffer that can lead to buffer overflows. Connected sources indicate the issue impacts Ember ZNet up to version 7.0.0 or earlier (as ...

9.8CVSS8.1AI score0.0065EPSS
CVE
CVE
•added 2023/10/04 8:1 p.m.•60 views

CVE-2023-41094

The CVE-2023-41094 entry affects Ember ZNet: TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime can allow a device to be added outside the valid TouchLink range or pairing duration. Aff...

10CVSS9.5AI score0.00575EPSS
CVE
CVE
•added 2022/11/14 5:37 p.m.•55 views

CVE-2022-24938

CVE-2022-24938 affects the Ember ZNet stack (as used in Silicon Labs Gecko SDK). A malformed Zigbee/ZW packet can trigger a stack overflow in Ember ZNet, causing an assertion failure and a reset that immediately clears the error. Some sources specify Ember ZNet versions 7.0.1 or earlier. The prov...

7.5CVSS7AI score0.00701EPSS
CVE
CVE
•added 2026/06/25 1:43 p.m.•30 views

CVE-2026-47154

CVE-2026-47154 affects EmberZNet devices using the Simple Metering cluster. A malformed GetProfileResponse in EmberZNet v9.0.2 and earlier can cause out-of-bounds reads while iterating interval entries, terminating the process. The flaw requires messages originate from a device already joined to ...

7.1CVSS5.8AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:39 p.m.•26 views

CVE-2026-47150

The advisory concerns EmberZNet v9.0.2 and earlier where malformed IAS Zone enrollment messages can trigger an out-of-bounds write to a state-table, terminating the process. The write’s size/location are bounded, and only messages from devices that have already joined the network affect devices s...

7.1CVSS5.8AI score0.00217EPSS
CVE
CVE
•added 2026/06/25 1:40 p.m.•26 views

CVE-2026-47151

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can cause out-of-bounds writes in Door Lock schedule state. Impact: potential HIGH availability disruption and LOW integrity impact; no confidentiality change. These messages must originate from a device already joined to th...

7.1CVSS5.8AI score0.00217EPSS
CVE
CVE
•added 2026/06/25 1:42 p.m.•24 views

CVE-2026-47153

CVE-2026-47153 affects the EmberZNet stack (v9.0.2 and earlier) where a malformed Level Control Step command can terminate the process via a divide-by-zero fault. The issue requires the sender to be a device that has already joined the network and impacts devices that support the Level Control cl...

7.1CVSS5.8AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:34 p.m.•23 views

CVE-2026-47145

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can trigger asserts that terminate the process. The issue affects devices that already joined the network and that support the Color Control cluster. The problem is caused by malformed Color Control messages and results in an appli...

7.1CVSS5.8AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:35 p.m.•22 views

CVE-2026-47146

CVE-2026-47146 affects EmberZNet v9.0.2 and earlier; malformed Color Control messages can trigger asserts that abort the process. Impact is limited to devices that have already joined the network and that support the Color Control cluster. The provided documents do not specify a patch version or ...

7.1CVSS5.8AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:37 p.m.•17 views

CVE-2026-47148

CVE-2026-47148 affects EmberZNet v9.0.2 and earlier. Malformed GetGroupMembership commands can trigger reads past the end of the message payload, potentially terminating the process. The impact is observed on devices that have already joined the network and that support the Groups cluster; no inf...

7.1CVSS5.9AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:41 p.m.•17 views

CVE-2026-47152

CVE-2026-47152 affects EmberZNet v9.0.2 and earlier. A malformed Level Control Move command (from a device already joined to the network, impacting devices that support the Level Control cluster) can trigger a divide-by-zero fault, terminating the process. Impact is aligned with the CVSS data: hi...

7.1CVSS5.8AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:36 p.m.•16 views

CVE-2026-47147

The CVE affects EmberZNet (v9.0.2 and earlier) where the OTA server raw parser fails to validate per-field bounds in OTA requests. This can cause out-of-bounds reads of a limited amount of RAM, with the leaked data size/location constrained; exploitation requires the requester to be an already-jo...

7.1CVSS5.8AI score0.00231EPSS
CVE
CVE
•added 2026/06/25 1:32 p.m.•14 views

CVE-2026-4526

EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...

7.1CVSS5.8AI score0.00249EPSS
CVE
CVE
•added 2026/06/25 1:38 p.m.•14 views

CVE-2026-47149

CVE-2026-47149 affects EmberZNet v9.0.2 and earlier: malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads, terminating the process. Impacts devices that have joined the network and support the Door Lock cluster. No information leakage to the sender was observ...

7.1CVSS5.8AI score0.00249EPSS