Zigbee Unauthenticated DoS via NWK Sequence number manipulation

Vulnerability

The vulnerability resides in the Ember ZNet stack within Silicon Labs Gecko SDK (GSDK). Prior to version v7.4.0, the NWK (network) sequence number handling is insufficiently validated, allowing an attacker to manipulate this field. This affects all deployments using Ember ZNet in GSDK versions before v7.4.0. [1]

Exploitation

An attacker with network access to the target Zigbee network can send crafted packets with a manipulated NWK sequence number. No authentication is required, as the sequence number is part of the network layer header. The attacker can repeatedly inject such packets to disrupt normal network operations. [1]

Impact

Successful exploitation results in a denial of service (DoS) condition. The targeted device or network may become unresponsive, drop legitimate traffic, or experience degraded performance. The attack does not lead to information disclosure or code execution but can cause significant network disruption. [1]

Mitigation

Silicon Labs addressed this vulnerability in Gecko SDK version v7.4.0. Users should upgrade to v7.4.0 or later. The fix is available in the official Gecko SDK repository. [1]