Published: 10/04/2017 Updated: 14/04/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

OSRAM SYLVANIA Osram Lightify Home prior to 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
osram lightify home

Osram's Lightify smart bulbs blow a security fuse – isn't anything code audited anymore?

The Register • Kieren McCarthy in San Francisco • 27 Jul 2016

Four unpatched bugs remain after nine found

Nine security holes, four of them still unpatched, have been found in the Osram smart light bulb system, potentially giving attackers access to a home or corporate network. The issues in the Lightify Home and Pro systems range from cross-site scripting (XSS) to problems with the ZigBee and SSL protocols to insecure encryption key handling. They were discovered by security company Rapid7. Some of the programming bugs are pretty amateurish, raising the larger question of what kind of security revi...

CVE-2016-5051

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect