Published: 14/10/2022 Updated: 18/10/2022

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 0

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Vulnerable Product	Search on Vulmon	Subscribe to Product
ikea tradfri_led1732g11_firmware -

Make your neighbor think their house is haunted by blinking their Ikea smart bulbs

The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Radio comms vulnerabilities detailed

A couple of vulnerabilities in Ikea smart lighting systems can be exploited to make lights annoyingly flicker for hours. While the pair of bugs won't top the list of security flaws Beijing-backed spies hope to exploit to steal government secrets or wreak havoc on high-value targets, the vulnerabilities could provide some mildly disruptive entertainment for, say, an annoying next-door neighbor looking for some spooky-month hi-jinx. Jonathan Knudsen, head of global research at Synopsys Cybersecuri...

CVE-2022-39064

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect