PT-2017-8674 · Osram Sylvania · Osram Lightify Home

Deral Heiland

Published

2017-04-10

Updated

2017-04-14

CVE-2016-5052

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions OSRAM SYLVANIA Osram Lightify Home through 2016-07-26

Description The issue is related to the lack of SSL pinning in the OSRAM SYLVANIA Osram Lightify Home. This means that the device does not properly verify the identity of the server it is communicating with, which could lead to man-in-the-middle attacks.

Recommendations For OSRAM SYLVANIA Osram Lightify Home through 2016-07-26, consider implementing SSL pinning to ensure secure communication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2016-5052

Affected Products

Osram Lightify Home

PT-2017-8674 · Osram Sylvania · Osram Lightify Home

CVE-2016-5052

Weakness Enumeration

Related Identifiers

Affected Products

References · 3