PT-2019-15737 · Signify Philips · Signify Philips Taolight Smart Wi-Fi Wiz Connected Led Bulb

Eric Pendergrass

Publicado

2019-11-14

Atualizado

2020-08-24

CVE-2019-18980

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb version 9290022656

Description The issue allows remote users to control the bulb's operation due to an unprotected API. This enables anyone with network access to the bulb to turn it on or off, or change its color or brightness remotely, as there is no authentication or encryption required to use the control API.

Recommendations For Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb version 9290022656, as a temporary workaround, consider restricting network access to the bulb until a patch is available.

Exploit

Correção

Missing Encryption of Sensitive Data

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311CWE-306

Identificadores relacionados

CVE-2019-18980

Produtos afetados

Signify Philips Taolight Smart Wi-Fi Wiz Connected Led Bulb

PT-2019-15737 · Signify Philips · Signify Philips Taolight Smart Wi-Fi Wiz Connected Led Bulb

CVE-2019-18980

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2