Impact
The vulnerability arises when EmberZNet v9.0.2 and earlier process malformed ClearWeekdaySchedule messages. The malformed packet triggers an out-of-bounds write into the Door Lock schedule state, a classic buffer overwrite issue identified as CWE-787 (Out-of-bounds Write). Because the overwrite targets internal scheduling data, an attacker can corrupt lock state or cause a denial of service by permanently altering or destabilizing the lock’s schedule. The damage is limited to the integrity of the schedule data rather than arbitrary code execution, but the resulting malfunction could lead to lock failure or unauthorized behaviour.
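The class of check that prevents this kind of write, shown as an added example (not EmberZNet code and not from the advisory). The advisory does not say which field is unchecked; the table sizes, struct layout, function name and the 3-byte payload layout (schedule ID, then little-endian user ID) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes and layout for this example; not EmberZNet's own. */
#define MAX_USERS 4
#define MAX_WEEKDAY_SCHEDULES 2
#define CLEAR_WEEKDAY_LEN 3 /* assumed: scheduleId (u8) + userId (u16, LE) */

typedef struct {
    uint8_t in_use, days_mask, start_hour, start_min, end_hour, end_min;
} weekday_schedule_t;

typedef enum { CLEAR_OK, CLEAR_BAD_LENGTH, CLEAR_BAD_INDEX } clear_status_t;

/* Schedule table with neighbouring state an unchecked index could reach. */
static struct {
    weekday_schedule_t table[MAX_USERS][MAX_WEEKDAY_SCHEDULES];
    uint8_t lock_state;
} door_lock = { .lock_state = 1 };

/* Validate length and both indices before any write to the table. */
clear_status_t handle_clear_weekday_schedule(const uint8_t *payload, size_t len)
{
    if (payload == NULL || len != CLEAR_WEEKDAY_LEN)
        return CLEAR_BAD_LENGTH;              /* truncated or oversized frame */

    uint8_t schedule_id = payload[0];
    uint16_t user_id = (uint16_t)(payload[1] | (payload[2] << 8));

    if (user_id >= MAX_USERS || schedule_id >= MAX_WEEKDAY_SCHEDULES)
        return CLEAR_BAD_INDEX;               /* would land outside the table */

    memset(&door_lock.table[user_id][schedule_id], 0, sizeof(weekday_schedule_t));
    return CLEAR_OK;
}

int main(void)
{
    const uint8_t valid[] = { 1, 0x02, 0x00 };        /* schedule 1, user 2 */
    const uint8_t malformed[] = { 0xFF, 0xFF, 0xFF }; /* indices out of range */
    door_lock.table[2][1].in_use = 1;
    printf("valid=%d malformed=%d lock_state=%u\n",
           handle_clear_weekday_schedule(valid, sizeof valid),
           handle_clear_weekday_schedule(malformed, sizeof malformed),
           (unsigned)door_lock.lock_state);
    return 0;
}
```

Rejected frames leave both the schedule table and the adjacent state untouched, which is the property a firmware fix for CWE-787 has to restore.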
Affected Systems
Devices running Silicon Labs EmberZNet firmware v9.0.2 or earlier that implement the Door Lock cluster are affected. The vulnerability can be exploited only by messages originating from a device that has already joined the network and that supports the Door Lock cluster; devices lacking that cluster are not impacted.
Risk and Exploitability
The static severity is moderate‑high with a CVSS score of 7.1. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a device with network access that can send the specific malformed ClearWeekdaySchedule command. Therefore the attack vector is most likely local, stemming from a compromised or malicious networked device. Given the lack of a public exploit and the limited payload of the out-of-bounds write, the likelihood of widespread exploitation is low, but the potential impact on lock reliability remains significant.