Every CVE whose affected-product data names Silabs Emberznet, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2023-41094 — CVSS 10.0 (critical): TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource…
CVE-2026-47147 — CVSS 7.1 (high): In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data…
CVE-2026-47151 — CVSS 7.1 (high): In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state…
CVE-2026-47150 — CVSS 7.1 (high): In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the…
CVE-2026-47146 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come…
CVE-2026-47154 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries…
CVE-2022-24938 — CVSS 6.5 (medium): A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the…
CVE-2026-4526 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the…
CVE-2026-47145 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come…
CVE-2026-47152 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This…
CVE-2026-47153 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This…
CVE-2022-24937 — CVSS 6.5 (medium): Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.
CVE-2026-47148 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and…
CVE-2026-47149 — CVSS 6.5 (medium): In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate…
CVE-2023-51392 — CVSS 6.2 (medium): Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially…
CVE-2023-51394 — CVSS 5.3 (medium): High traffic environments may result in NULL Pointer Dereference vulnerability in Silicon Labs's Ember ZNet SDK before v7.4.0, causing a…
CVE-2023-51393 — CVSS 5.3 (medium): Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK…