CVE-2018-15479

Name of the Vulnerable Software and Affected Versions myStrom WiFi Switch V1 versions prior to 2.66 myStrom WiFi Switch V2 versions prior to 3.80 myStrom WiFi Switch EU versions prior to 3.80 myStrom WiFi Bulb versions prior to 2.58 myStrom WiFi LED Strip versions prior to 3.80 myStrom WiFi Button versions prior to 2.73 myStrom WiFi Button Plus versions prior to 2.73

Description An issue was discovered where devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address.

Recommendations For myStrom WiFi Switch V1 versions prior to 2.66, update to version 2.66 or later. For myStrom WiFi Switch V2 versions prior to 3.80, update to version 3.80 or later. For myStrom WiFi Switch EU versions prior to 3.80, update to version 3.80 or later. For myStrom WiFi Bulb versions prior to 2.58, update to version 2.58 or later. For myStrom WiFi LED Strip versions prior to 3.80, update to version 3.80 or later. For myStrom WiFi Button versions prior to 2.73, update to version 2.73 or later. For myStrom WiFi Button Plus versions prior to 2.73, update to version 2.73 or later.