CVE-2023-41094

CRITICAL

Ember ZNet <7.1.6, <7.2.4 - Use After Free

Title source: llm

Description

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected

References (1)

[Permissions Required] https://community.silabs.com/0688Y00000aIPzL

Scores

CVSS v3 10.0

EPSS 0.0008

EPSS Percentile 23.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-772 CWE-940 CWE-672

Status published

Products (1)

silabs/emberznet 7.1.3 - 7.1.5

Published Oct 04, 2023

Tracked Since Feb 18, 2026