Описание
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
Ссылки
- ExploitThird Party Advisory
- ProductRelease Notes
- ExploitThird Party Advisory
- ProductRelease Notes
Уязвимые конфигурации
Конфигурация 1Версия до 1935144020 (включая)
Одновременно
cpe:2.3:o:philips:hue_bridge_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:philips:hue_bridge_v2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06299
Низкий
7.9 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-122
CWE-787
Связанные уязвимости
CVSS3: 7.9
github
больше 3 лет назад
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
EPSS
Процентиль: 91%
0.06299
Низкий
7.9 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-122
CWE-787