Threat Intelligence Database

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.

CVE-2026-47154 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves an out-of-bounds read triggered by a malformed GetProfileResponse message when processing interval entries. The issue affects devices that have already joined the network and support the Simple Metering cluster. No information leakage to the sender has been observed. Exploitation can cause process termination.

CVE-2026-47153 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves a divide-by-zero fault triggered by a malformed Level Control Step command from a device already joined to the network. This issue affects only devices supporting the Level Control cluster and can cause process termination.

CVE-2026-47152 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves a divide-by-zero fault triggered by a malformed Level Control Move command from a device already joined to the network. This affects only devices supporting the Level Control cluster and can cause process termination.

CVE-2026-47151 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves an out-of-bounds write triggered by malformed ClearWeekdaySchedule messages affecting the Door Lock schedule state. The vulnerability requires the attacker to be a device already joined to the network and impacts only devices supporting the Door Lock cluster.

CVE-2026-47150 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves an out-of-bounds write triggered by malformed IAS Zone enrollment messages from devices already joined to the network. The vulnerability affects only devices supporting the IAS Zone cluster and can cause process termination. The size and location of the out-of-bounds write are limited. No official patch or remediation guidance has been provided yet.

CVE-2026-47149 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves an out-of-bounds read triggered by malformed or out-of-range Door Lock user identifiers, which can cause the process to terminate. The vulnerability only affects devices that have joined the network and support the Door Lock cluster. No information leakage to the attacker was observed.

CVE-2026-47148 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves an out-of-bounds read triggered by malformed GetGroupMembership commands from devices already joined to the network. This can cause repeated reads past the message payload end and terminate the process. Only devices supporting the Groups cluster are affected. No information leakage to the sender has been observed.

CVE-2026-47147 is a high-severity vulnerability in Silicon Labs EmberZNet versions 9.0.2 and earlier. It involves an out-of-bounds read triggered by malformed over-the-air (OTA) requests to the OTA server parser. The flaw allows limited data from RAM to be read by an attacker device that has already joined the network and supports the OTA Server cluster.