CVE Vulnerability

CVE-2020-6007

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.2 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.9 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www2.meethue.com/en-us/support/release-notes/bridge Release Notes
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Configurations

Configuration 1
Information

Published : 2020-01-23 10:15

Updated : 2020-08-10 04:15

NVD link : CVE-2020-6007

Mitre link : CVE-2020-6007

Products Affected
No products.
CWE
CWE-787