Impact
A malformed Level Control Step command in Silicon Labs EmberZNet v9.0.2 or earlier triggers a divide‑by‑zero fault, crashing the device’s control process. This flaw is cataloged as CWE-369 and results in a loss of service for the affected device, potentially disrupting network operations that rely on that device.
Affected Systems
Silicon Labs EmberZNet firmware up to and including version 9.0.2 and all earlier releases are impacted. Devices that support the Level Control cluster and have joined the network can be targeted.
Risk and Exploitability
Based on the description, it is inferred that a malicious or compromised device that has already joined the network can send a crafted Level Control Step command to trigger the divide‑by‑zero fault. The CVSS score of 7.1 indicates a high severity denial‑of‑service vulnerability. While an EPSS score is not currently available, the lack of a KEV listing suggests limited known exploitation at this time. The attack requires a malicious or compromised device that already resides on the network to send a crafted Level Control Step command, making remote network‑based exploitation plausible but contingent on device membership.
OpenCVE Enrichment