CWE-229
Improper Handling of Values
The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
CVE-2025-7964 (GCVE-0-2025-7964)
Vulnerability from cvelistv5 – Published: 2026-01-30 15:02 – Updated: 2026-01-30 15:36
VLAI
Title
Zigbee Router Denial of Service
Summary
After receiving a
malformed 802.15.4 MAC Data Request
the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual recommissioning is required to recover the Zigbee Router.
Severity
CWE
- CWE-229 - Improper Handling of Values
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.silabs.com/068Vm00000dspiL | vendor-advisorypermissions-required |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| silabs.com | Silicon Labs Zigbee Stack |
Affected:
0 , ≤ 4.4.6
(semver)
|
|
| silabs.com | Silicon Labs Zigbee Stack |
Affected:
0 , ≤ 2025.6.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T15:36:24.476564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T15:36:46.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "GSDK",
"product": "Silicon Labs Zigbee Stack",
"repo": "https://github.com/SiliconLabs/gecko_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "4.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "SiSDK",
"product": "Silicon Labs Zigbee Stack",
"repo": "https://github.com/SiliconLabs/simplicity_sdk",
"vendor": "silabs.com",
"versions": [
{
"lessThanOrEqual": "2025.6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAfter receiving a \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emalformed 802.15.4 MAC Data Request\u003c/span\u003e\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.\u0026nbsp;A manual recommissioning is required to recover the Zigbee Router.\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "After receiving a \n\nmalformed 802.15.4 MAC Data Request\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.\u00a0A manual recommissioning is required to recover the Zigbee Router."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-229",
"description": "CWE-229: Improper Handling of Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T15:02:53.825Z",
"orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"shortName": "Silabs"
},
"references": [
{
"tags": [
"vendor-advisory",
"permissions-required"
],
"url": "https://community.silabs.com/068Vm00000dspiL"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zigbee Router Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
"assignerShortName": "Silabs",
"cveId": "CVE-2025-7964",
"datePublished": "2026-01-30T15:02:53.825Z",
"dateReserved": "2025-07-21T17:44:17.730Z",
"dateUpdated": "2026-01-30T15:36:46.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4736 (GCVE-0-2026-4736)
Vulnerability from cvelistv5 – Published: 2026-03-24 03:11 – Updated: 2026-03-24 14:36
VLAI
Title
Math Issue in No-Chicken/Echo-Mate
Summary
Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H, nft_byteorder.C, nft_meta.C.
This issue affects Echo-Mate: before V250329.
Severity
CWE
- CWE-229 - Improper Handling of Values
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/No-Chicken/Echo-Mate/pull/8 | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| No-Chicken | Echo-Mate |
Affected:
0 , < V250329
(git)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T14:36:07.759008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T14:36:13.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/No-Chicken/Echo-Mate",
"defaultStatus": "affected",
"modules": [
"SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter"
],
"product": "Echo-Mate",
"programFiles": [
"nf_tables.h\u200e",
"nft_byteorder.c\u200e",
"nft_meta.c\u200e"
],
"vendor": "No-Chicken",
"versions": [
{
"lessThan": "V250329",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules).\u003cp\u003e This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.\u003c/p\u003e\u003cp\u003eThis issue affects Echo-Mate: before V250329.\u003c/p\u003e"
}
],
"value": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.\n\nThis issue affects Echo-Mate: before V250329."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-229",
"description": "CWE-229 Improper Handling of Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T03:11:16.951Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/No-Chicken/Echo-Mate/pull/8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Math Issue in No-Chicken/Echo-Mate",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2026-4736",
"datePublished": "2026-03-24T03:11:16.951Z",
"dateReserved": "2026-03-24T03:10:55.386Z",
"dateUpdated": "2026-03-24T14:36:13.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.