Description
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.
References
- Exploit, Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
All of the following together
cpe:2.3:o:sengled:e1e-g7f_firmware:0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:sengled:e1e-g7f:-:*:*:*:*:*:*:*
EPSS
Percentile: 60%
0.00397
Low
7.5 High
CVSS3
Weaknesses
NVD-CWE-noinfo
CWE-770
Related vulnerabilities
CVSS3: 7.5
github
almost 3 years ago
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.