Description
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
Published: 2026-06-25
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs when EmberZNet processes a Level Control Move command that contains a malformed value, causing a divide-by-zero error that terminates the application. The attack can only be triggered from a device that has already joined the network. The resulting denial of service can bring down the affected node's Zigbee stack and may disrupt network operations.

Affected Systems

Affected are devices running Silicon Labs EmberZNet firmware version 9.0.2 or older. Only devices that implement the Level Control cluster are susceptible. This includes IoT endpoints such as smart plugs or dimmer controllers that use EmberZNet’s Level Control functionality.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity vulnerability. EPSS is not available, and the flaw is not listed in CISA KEV, suggesting no known active exploitation. The attack is likely local network based; an adversary must have a network presence to send the crafted command. If they can compromise or emulate a legitimate joined device, they could cause the node to crash, potentially causing cascading failures in the network if many nodes are affected.

Generated by OpenCVE AI on June 25, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all EmberZNet devices to version 9.0.3 or newer where the bug is fixed.
  • Disable the Level Control cluster on devices where it is not required or migrate to firmware that does not expose that cluster.
  • Monitor network traffic for suspicious Level Control Move commands and isolate any device that experiences repeated divide‑by‑zero faults.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.
Title | | Level Control Move divide-by-zero in EmberZNet v9.0.2
Weaknesses | | CWE-369
References | |
Metrics | | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2026-06-25T14:17:45.797Z

Reserved: 2026-05-18T20:02:03.669Z

Link: CVE-2026-47152

Vulnrichment

Updated: 2026-06-25T14:17:42.622Z

OpenCVE Enrichment

Updated: 2026-06-25T15:30:16Z
