Signify Philips · Signify Philips Taolight Smart Wi-Fi Wiz Connected Led Bulb · CVE-2019-18980
**Name of the Vulnerable Software and Affected Versions**
Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb version 9290022656
**Description**
The issue allows remote users to control the bulb's operation due to an unprotected API. This enables anyone with network access to the bulb to turn it on or off, or change its color or brightness remotely, as there is no authentication or encryption required to use the control API.
**Recommendations**
For Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb version 9290022656, as a temporary workaround, consider restricting network access to the bulb until a patch is available.