CVE-2022-39064

Name of the Vulnerable Software and Affected Versions TRÅDFRI bulb (affected versions not specified)

Description The issue arises when an attacker sends a single malformed IEEE 802.15.4 (Zigbee) frame, causing the TRÅDFRI bulb to blink. If the same frame is replayed multiple times, the bulb performs a factory reset, resulting in the loss of configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.