Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47148

Summary
Assigner-Silabs
Assigner Org ID-030b2754-1501-44a4-bef8-48be86a33bf4
Published At-25 Jun, 2026 | 13:37
Updated At-25 Jun, 2026 | 14:15
Rejected At-
Credits

Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Silabs
Assigner Org ID:030b2754-1501-44a4-bef8-48be86a33bf4
Published At:25 Jun, 2026 | 13:37
Updated At:25 Jun, 2026 | 14:15
Rejected At:
▼CVE Numbering Authority (CNA)
Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

Affected Products
Vendor
Silicon Labs
Product
EmberZNet
Package Name
EmberZNet
Repo
https://github.com/SiliconLabs/simplicity_sdk
Default Status
unaffected
Versions
Affected
  • From 0 through 9.0.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153CAPEC-153: Input Data Manipulation
CAPEC ID: CAPEC-153
Description: CAPEC-153: Input Data Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Junming C. (@Chapoly1305) and Prof. Qiang Zeng of George Mason University
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1
vendor-advisory
permissions-required
https://github.com/SiliconLabsSoftware/sisdk-release/
patch
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1
Resource:
vendor-advisory
permissions-required
Hyperlink: https://github.com/SiliconLabsSoftware/sisdk-release/
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@silabs.com
Published At:25 Jun, 2026 | 14:16
Updated At:25 Jun, 2026 | 18:48

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

silabs
silabs
>>emberznet>>Versions up to 9.0.2(inclusive)
cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondaryproduct-security@silabs.com
CWE ID: CWE-125
Type: Secondary
Source: product-security@silabs.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/SiliconLabsSoftware/sisdk-release/product-security@silabs.com
Not Applicable
https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1product-security@silabs.com
Permissions Required
Hyperlink: https://github.com/SiliconLabsSoftware/sisdk-release/
Source: product-security@silabs.com
Resource:
Not Applicable
Hyperlink: https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000pEGPQIA4?operationContext=S1
Source: product-security@silabs.com
Resource:
Permissions Required

Change History

0
Information is not available yet

Similar CVEs

56Records found

CVE-2026-0127
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:51
Updated-16 Jun, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-39995
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.50%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 15:34
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_tdese620x_vess_firmwareecns280_td_firmwareese620x_vesseCNS280_TD;eSE620X vESS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47978
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.91% / 77.42%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Denial of Service Vulnerability

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_server_2022Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2022
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-22790
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:52
Updated-29 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-modicon_m580_bmep584020modicon_premium_tsxp57_554mmodicon_m580_bmep585040cmodicon_quantum_140cpu65150cmodicon_m580_bmep584040modicon_momentum_171cbu98090modicon_quantum_140cpu65150modicon_mc80_bmkc8020310modicon_quantum_140cpu65160cmodicon_m580_bmeh584040cmodicon_m580_bmep586040modicon_m580_bmeh584040splc_simulator_for_ecostruxure_control_expertmodicon_mc80_bmkc8030311modicon_m340_bmxp341000modicon_m580_bmep581020modicon_m580_bmep582020hmodicon_premium_tsxp57_454mmodicon_premium_tsxp57_5634mmodicon_m580_bmep582020modicon_m580_bmeh582040plc_simulator_for_ecostruxure_process_expertmodicon_m340_bmxp342030modicon_momentum_171cbu78090modicon_m580_bmep582040modicon_m580_bmep584040smodicon_premium_tsxp57_4634mmodicon_m580_bmeh586040modicon_m340_bmxp342010modicon_m580_bmep585040modicon_premium_tsxp57_2834mmodicon_m580_bmeh582040smodicon_m580_bmeh582040cmodicon_m580_bmep583040modicon_mc80_bmkc8020301modicon_premium_tsxp57_1634mmodicon_m340_bmxp342020modicon_m580_bmep582040smodicon_quantum_140cpu65160modicon_m580_bmep586040cmodicon_momentum_171cbu98091modicon_m580_bmep581020hmodicon_m580_bmep582040hmodicon_m580_bmeh584040modicon_m580_bmeh586040cmodicon_m580_bmeh586040smodicon_premium_tsxp57_2634mmodicon_m580_bmep583020modicon_premium_tsxp57_6634mModicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9071
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.35%
||
7 Day CHG~0.00%
Published-01 Jun, 2020 | 14:02
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ar2200_firmwarear1200ar3200_firmwarear2200srg1300srg1300_firmwaresrg3300_firmwaresrg2300_firmwaresrg3300netengine16exar1200-s_firmwarear120-s_firmwarear200-sar120-sar510ar150-sar160srg2300ar150_firmwarear2200-sar510_firmwarear150-s_firmwarear1200-sar3600ar150ar3200ar1200_firmwarear200-s_firmwarear200ar3600_firmwarear160_firmwarear2200-s_firmwarear200_firmwarenetengine16ex_firmwareAR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-25713
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.14% / 80.02%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 14:27
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

Action-Not Available
Vendor-librdfn/aDebian GNU/LinuxFedora Project
Product-debian_linuxraptor_rdf_syntax_libraryfedoraraptor2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • Next
Details not found