CVE-2023-24678
Description
A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted Zigbee message can cause a denial of service on Centralite Pearl Thermostat firmware 0x04075010.
Vulnerability
The Centralite Pearl Thermostat running firmware version 0x04075010 is vulnerable to a denial of service (DoS) via a specially crafted Zigbee message. The vulnerability resides in the device's Zigbee stack, which fails to properly handle malformed or malicious messages, leading to a crash or hang. [2]
Exploitation
An attacker within Zigbee radio range can send a crafted Zigbee message to the thermostat. No authentication is required, as the device accepts messages from any Zigbee coordinator or endpoint. The attacker simply transmits the malicious packet, which triggers the vulnerability. [2]
Impact
Successful exploitation results in a denial of service, causing the thermostat to become unresponsive. This prevents normal operation, including temperature control and communication with the home automation system. The device may require a power cycle to recover. [2]
Mitigation
As of the publication date (2023-03-17), no firmware update or patch has been released by Centralite to address this vulnerability. Users are advised to monitor vendor advisories and consider network-level Zigbee filtering or isolation as a temporary workaround. [2]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Centralite/Pearl Thermostat
- Range: = 0x04075010
Patches
No patches discovered yet.
References