CVE-2020-6007

Published: 23/01/2020 Updated: 01/03/2023
CVSS v2 Base Score: 4.3 | Impact Score: 6.4 | Exploitability Score: 3.2
CVSS v3 Base Score: 7.9 | Impact Score: 6 | Exploitability Score: 1.2
VMScore: 383
Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a heap-based buffer overflow when handling a long ZCL string during the commissioning phase, resulting in remote code execution.

Vulnerable Product

philips hue_bridge_v2_firmware

Recent Articles

Time to patch your lightbulb? Researchers demonstrate Philips Hue exploit
The Register • Tim Anderson • 05 Feb 2020

First the lightbulb. Then the controller. Then your internal network.

Researchers at Check Point have demonstrated how to infect a network with malware via a simple IoT device, a Philips Hue smart lightbulb. This is an exercise in escalation. There are a couple of vulnerabilities involved. One is CVE-2020-6007 which is a buffer overflow in the Philips Hue Bridge controller firmware, in the part of the software that adds new devices to the controller. The other is based on 2016 research on how to persuade a Hue lightbulb to change its affinity from one controller t...