PT-2017-13690 · Philips · Philips Hue Bridge

Published: 2017-09-30 · Updated: 2017-11-21 · CVE-2017-14797

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Philips Hue Bridge BSB002 version 1707040932
Description: The issue is related to a lack of transport encryption in the public API, allowing remote attackers to read API keys by sniffing HTTP traffic on the local intranet network. This can lead to bypassing the pushlink protection mechanism and obtaining complete control of connected accessories.
Recommendations: For Philips Hue Bridge BSB002 version 1707040932, consider disabling the public API until a patch is available to add transport encryption, and restrict access to the local intranet network to minimize the risk of exploitation.

Fix

Inadequate Encryption Strength

Weakness Enumeration

Related identifiers

CVE-2017-14797

Affected products

Philips Hue Bridge