7.5

CVE-2023-42189

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NanoleafLightstrip Firmware Version3.5.10
   NanoleafLightstrip Version-
GoveeLed Strip Firmware Version3.00.42
   GoveeLed Strip Version-
SwitchbotHub2 Firmware Version1.0-0.8
   SwitchbotHub2 Version-
PhillipsHue Bridge Firmware Version1.59.1959097030
   PhillipsHue Bridge Version-
YeelightSmart Lamp Firmware Version1.12.69
   YeelightSmart Lamp Version-
Tp-linkSmart Plug Firmware Version-
   Tp-linkSmart Plug Version-
OreinSmart Bulb Firmware Version-
   OreinSmart Bulb Version-
EveEve Door And Window Firmware Version-
   EveEve Door And Window Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.514
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf
Third Party Advisory
https://github.com/project-chip/connectedhomeip/issues/28518
Third Party Advisory
Issue Tracking
https://github.com/project-chip/connectedhomeip/issues/28679
Third Party Advisory
Issue Tracking