CVE-2024-7322
📋 TL;DR
This vulnerability allows an attacker to send a malicious encrypted rejoin response to ZigBee devices, causing them to change their node ID and resulting in network denial of service. The affected devices include ZigBee coordinators, routers, and end devices. Recovery requires re-establishing the entire network.
💻 Affected Systems
- Silicon Labs ZigBee devices with affected firmware
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete disruption of ZigBee network operations requiring full network reconfiguration and downtime for all connected devices.
Likely Case
Targeted DoS attacks against specific ZigBee networks causing temporary service disruption until network is manually re-established.
If Mitigated
Limited impact if network segmentation and monitoring are in place to detect anomalous rejoin attempts.
🎯 Exploit Status
Requires ability to send crafted ZigBee packets within wireless range; encryption knowledge needed for rejoin response
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Silicon Labs advisory for specific fixed versions
Vendor Advisory: https://community.silabs.com/068Vm00000I7ri2
Restart Required: Yes
Instructions:
1. Check Silicon Labs advisory for affected products.
2. Download and apply firmware updates from vendor.
3. Restart affected ZigBee devices.
4. Re-establish network if previously disrupted.
🔧 Temporary Workarounds
Network Segmentation
Isolate ZigBee networks from potential attackers using physical separation and RF shielding
Monitoring for Anomalous Rejoins
Implement monitoring to detect unusual rejoin activity in ZigBee networks
🧯 If You Can't Patch
- Physically secure ZigBee network area to prevent unauthorized wireless access
- Implement network redundancy with multiple coordinators to maintain service if one is attacked
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against Silicon Labs advisory; test with controlled rejoin attempts if possible
Check Version:
Vendor-specific command via device management interface (check vendor documentation)
Verify Fix Applied:
Verify firmware version matches patched version from vendor; test that unsolicited rejoin responses no longer cause node ID changes
📡 Detection & Monitoring
Log Indicators:
- Unexpected node ID changes in ZigBee network logs
- Multiple rejoin attempts from unknown devices
- Network coordinator reporting unexpected topology changes
Network Indicators:
- Sudden loss of ZigBee network connectivity
- Unusual rejoin traffic patterns
- Node disappearance/reappearance with different IDs
SIEM Query:
ZigBee AND (rejoin OR "node ID change") AND NOT expected_device
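
One way to implement the log indicators above, as an added example that is not part of the original advisory or any Silicon Labs code: it tracks each device's node ID by EUI64 and flags rejoin responses that change the ID without a recent rejoin request from that device, or that name a device not in the inventory. The key=value log format, the event names, and the 5-second window are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample lines in a hypothetical key=value format (not a vendor log format).
SAMPLE_LOG = """\
ts=1000 event=join eui64=00AABBCCDDEE0001 node_id=0x1A2B
ts=1005 event=join eui64=00AABBCCDDEE0002 node_id=0x3C4D
ts=1100 event=rejoin_request eui64=00AABBCCDDEE0001 node_id=0x1A2B
ts=1101 event=rejoin_response eui64=00AABBCCDDEE0001 node_id=0x5E6F
ts=1300 event=rejoin_response eui64=00AABBCCDDEE0002 node_id=0x7A8B
ts=1301 event=rejoin_response eui64=00AABBCCDDEE0009 node_id=0x0001
"""

LINE_RE = re.compile(r"ts=(\d+) event=(\w+) eui64=([0-9A-F]{16}) node_id=(0x[0-9A-F]{4})")
REQUEST_WINDOW = 5  # seconds a rejoin request counts as pending (assumed value)

def find_suspicious_rejoins(log_text, window=REQUEST_WINDOW):
    """Return (ts, eui64, reason) tuples for rejoin responses worth investigating."""
    node_ids = {}  # eui64 -> last known short node ID
    pending = {}   # eui64 -> timestamp of that device's last rejoin request
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, event, eui64, node_id = int(m[1]), m[2], m[3], m[4]
        if event == "join":
            node_ids[eui64] = node_id
        elif event == "rejoin_request":
            pending[eui64] = ts
        elif event == "rejoin_response":
            # A response is solicited only if this device asked recently.
            solicited = eui64 in pending and ts - pending.pop(eui64) <= window
            old = node_ids.get(eui64)
            if old is None:
                alerts.append((ts, eui64, "rejoin response for unknown device"))
            elif not solicited and node_id != old:
                alerts.append((ts, eui64, f"unsolicited node ID change {old} -> {node_id}"))
            if old is not None:
                node_ids[eui64] = node_id  # keep the inventory current
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_rejoins(SAMPLE_LOG):
        print(alert)
```

The solicited rejoin at ts=1101 changes the node ID without raising an alert, so normal rejoins do not add noise.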