Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/10/2023 Updated: 15/02/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote malicious user to cause a denial of service via a crafted script to the KeySetRemove function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tapo mini_smart_wi-fi_plug_firmware -
nanoleaf lightstrip_firmware 3.5.10
govee led_strip_firmware 3.00.42
switchbot hub2_firmware 1.0-0.8
phillips hue_bridge_firmware 1.59.1959097030
yeelight smart_lamp_firmware 1.12.69
tp-link smart_plug_firmware -
orein smart_bulb_firmware -
eve eve_door_and_window_firmware -

CWE-732 https://github.com/project-chip/connectedhomeip/issues/28518 https://github.com/project-chip/connectedhomeip/issues/28679 https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-42189

Vulnerability Summary

References

Vulmon Search

About

Products

Connect