CVE-2023-41094

CRITICAL

Ember ZNet <7.1.6, <7.2.4 - Use After Free

Title source: llm

Description

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

References (1)

Scores

CVSS v3 10.0
EPSS 0.0008
EPSS Percentile 23.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-772 CWE-940 CWE-672
Status published

Affected Products (1)

silabs/emberznet < 7.1.5

Timeline

Published Oct 04, 2023
Tracked Since Feb 18, 2026