CVE-2022-47758

Name of the Vulnerable Software and Affected Versions Nanoleaf firmware versions prior to 7.1.1

Description The issue is related to missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. This affects IoT smart lights, enabling unauthenticated remote code execution.

Recommendations For versions prior to 7.1.1, update to a version that includes TLS verification to prevent arbitrary code execution via DNS hijacking attacks. As a temporary workaround, consider restricting access to the device until a patch is available. Avoid using the device in untrusted networks to minimize the risk of exploitation.