Silabs: >> Emberznet >> 1.0.0 Security Vulnerabilities
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.
CVSS Score
7.1
Published
2026-06-25
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-02-23
High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a system crash.
CVSS Score
5.3
EPSS Score
0.005
Published
2024-02-23
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-11-14
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVSS Score
6.5
EPSS Score
0.007
Published
2022-11-14
Page 2