HIGH🇬🇧 English

CVE-2026-47148

CVSS 7.1v4.0pub. 2026-06-25

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Silabs Emberznet

    APP
    Silabs
    ≤ 9.0.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-41094CRITICAL10.0ten sam produkt

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and ...

CVE-2026-47146HIGH7.1ten sam produkt

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the proce...

CVE-2026-4526HIGH7.1ten sam produkt

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework pa...

CVE-2026-47145HIGH7.1ten sam produkt

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the proce...

CVE-2026-47147HIGH7.1ten sam produkt

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds rea...