17 matches found
CVE-2023-51393
CVE-2023-51393 affects Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered with Gecko SDK v4.4.0). The root cause is an allocation of resources without limits, causing uncontrolled resource consumption that can trigger a bus fault and crash the device, requiring a reboot to rejoin the networ...
CVE-2023-51394
CVE-2023-51394 affects Silicon Labs Ember ZNet SDK prior to v7.4.0. In high-traffic environments, a NULL pointer dereference can cause a system crash. The issue, per the CVE records, is tied to Ember ZNet SDK versions before 7.4.0, with a remediation path to update to 7.4.0 or later. Public docum...
CVE-2023-51392
Summary: CVE-2023-51392 affects Silicon Labs EmberZNet v7.2.0–v7.4.0 where software AES-CCM is used instead of hardware-accelerated cryptography, potentially enabling side-channel risks (electromagnetic and differential power analysis). The connected sources specify Ember ZNet and related advisor...
CVE-2022-24937
Silicon Labs Ember ZNet (Zigbee stack) is affected by CVE-2022-24937, a vulnerability described as Improper Restriction of Operations within the Bounds of a Memory Buffer that can lead to buffer overflows. Connected sources indicate the issue impacts Ember ZNet up to version 7.0.0 or earlier (as ...
CVE-2023-41094
The CVE-2023-41094 entry affects Ember ZNet: TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime can allow a device to be added outside the valid TouchLink range or pairing duration. Aff...
CVE-2022-24938
CVE-2022-24938 affects the Ember ZNet stack (as used in Silicon Labs Gecko SDK). A malformed Zigbee/ZW packet can trigger a stack overflow in Ember ZNet, causing an assertion failure and a reset that immediately clears the error. Some sources specify Ember ZNet versions 7.0.1 or earlier. The prov...
CVE-2026-47154
CVE-2026-47154 affects EmberZNet devices using the Simple Metering cluster. A malformed GetProfileResponse in EmberZNet v9.0.2 and earlier can cause out-of-bounds reads while iterating interval entries, terminating the process. The flaw requires messages originate from a device already joined to ...
CVE-2026-47150
The advisory concerns EmberZNet v9.0.2 and earlier where malformed IAS Zone enrollment messages can trigger an out-of-bounds write to a state-table, terminating the process. The write’s size/location are bounded, and only messages from devices that have already joined the network affect devices s...
CVE-2026-47151
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can cause out-of-bounds writes in Door Lock schedule state. Impact: potential HIGH availability disruption and LOW integrity impact; no confidentiality change. These messages must originate from a device already joined to th...
CVE-2026-47153
CVE-2026-47153 affects the EmberZNet stack (v9.0.2 and earlier) where a malformed Level Control Step command can terminate the process via a divide-by-zero fault. The issue requires the sender to be a device that has already joined the network and impacts devices that support the Level Control cl...
CVE-2026-47145
In EmberZNet v9.0.2 and earlier, malformed Color Control messages can trigger asserts that terminate the process. The issue affects devices that already joined the network and that support the Color Control cluster. The problem is caused by malformed Color Control messages and results in an appli...
CVE-2026-47146
CVE-2026-47146 affects EmberZNet v9.0.2 and earlier; malformed Color Control messages can trigger asserts that abort the process. Impact is limited to devices that have already joined the network and that support the Color Control cluster. The provided documents do not specify a patch version or ...
CVE-2026-47148
CVE-2026-47148 affects EmberZNet v9.0.2 and earlier. Malformed GetGroupMembership commands can trigger reads past the end of the message payload, potentially terminating the process. The impact is observed on devices that have already joined the network and that support the Groups cluster; no inf...
CVE-2026-47152
CVE-2026-47152 affects EmberZNet v9.0.2 and earlier. A malformed Level Control Move command (from a device already joined to the network, impacting devices that support the Level Control cluster) can trigger a divide-by-zero fault, terminating the process. Impact is aligned with the CVSS data: hi...
CVE-2026-47147
The CVE affects EmberZNet (v9.0.2 and earlier) where the OTA server raw parser fails to validate per-field bounds in OTA requests. This can cause out-of-bounds reads of a limited amount of RAM, with the leaked data size/location constrained; exploitation requires the requester to be an already-jo...
CVE-2026-4526
EmberZNet v9.0.2 and earlier has a vulnerability in the global ZCL command parser due to missing minimum-length validation, which can cause out-of-bounds reads in the framework parsing logic and terminate the process. The issue requires messages to originate from a device that has already joined ...
CVE-2026-47149
CVE-2026-47149 affects EmberZNet v9.0.2 and earlier: malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads, terminating the process. Impacts devices that have joined the network and support the Door Lock cluster. No information leakage to the sender was observ...