Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.
References
Link | Resource |
---|---|
https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf | Third Party Advisory |
https://github.com/project-chip/connectedhomeip/issues/28518 | Issue Tracking Third Party Advisory |
https://github.com/project-chip/connectedhomeip/issues/28679 | Issue Tracking Third Party Advisory |
History
15 Feb 2024, 19:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:phillips:hue_hub_firmware:1.59.1959097030:*:*:*:*:*:*:* | cpe:2.3:h:phillips:hue_bridge:-:*:*:*:*:*:*:* cpe:2.3:o:phillips:hue_bridge_firmware:1.59.1959097030:*:*:*:*:*:*:* |
First Time | Phillips hue Bridge, Phillips hue Bridge Firmware |
16 Oct 2023, 18:36
Type | Values Removed | Values Added |
---|---|---|
First Time | Tp-link smart Plug Firmware Tapo Orein smart Bulb Firmware Yeelight smart Lamp Orein smart Bulb Tp-link smart Plug Nanoleaf Phillips hue Hub Firmware Govee led Strip Phillips Switchbot hub2 Tapo mini Smart Wi-fi Plug Firmware Yeelight smart Lamp Firmware Govee Eve eve Door And Window Eve eve Door And Window Firmware Switchbot Govee led Strip Firmware Switchbot hub2 Firmware Yeelight Eve Nanoleaf lightstrip Firmware Phillips hue Hub Nanoleaf lightstrip Tp-link Orein Tapo mini Smart Wi-fi Plug | |
CWE | CWE-732 | |
CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 |
References | (MISC) https://github.com/project-chip/connectedhomeip/issues/28679 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf - Third Party Advisory | |
References | (MISC) https://github.com/project-chip/connectedhomeip/issues/28518 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:h:tp-link:smart_plug:-:*:*:*:*:*:*:* cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:* cpe:2.3:o:eve:eve_door_and_window_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:* cpe:2.3:h:eve:eve_door_and_window:-:*:*:*:*:*:*:* cpe:2.3:h:phillips:hue_hub:-:*:*:*:*:*:*:* cpe:2.3:h:orein:smart_bulb:-:*:*:*:*:*:*:* cpe:2.3:h:yeelight:smart_lamp:-:*:*:*:*:*:*:* cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:yeelight:smart_lamp_firmware:1.12.69:*:*:*:*:*:*:* cpe:2.3:o:orein:smart_bulb_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:* cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:* cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:* cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:* cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:* cpe:2.3:o:phillips:hue_hub_firmware:1.59.1959097030:*:*:*:*:*:*:* cpe:2.3:o:tp-link:smart_plug_firmware:-:*:*:*:*:*:*:* |
10 Oct 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-10 03:15
Updated : 2024-02-15 19:44
NVD link : CVE-2023-42189
Mitre link : CVE-2023-42189
CVE.ORG link : CVE-2023-42189
Products Affected
tapo
- mini_smart_wi-fi_plug
- mini_smart_wi-fi_plug_firmware
eve
- eve_door_and_window_firmware
- eve_door_and_window
switchbot
- hub2_firmware
- hub2
nanoleaf
- lightstrip_firmware
- lightstrip
phillips
- hue_bridge
- hue_bridge_firmware
govee
- led_strip
- led_strip_firmware
tp-link
- smart_plug_firmware
- smart_plug
yeelight
- smart_lamp_firmware
- smart_lamp
orein
- smart_bulb
- smart_bulb_firmware
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource