Lucene search

MitreCVE-2023-42189

HistoryOct 10, 2023 - 3:15 a.m.

CVE-2023-42189

2023-10-1003:15:09

CWE-732

mitre

web.nvd.nist.gov

cve-2023-42189

insecure permissions

connectivity standards alliance matter

sdk

nanoleaf light strip

govee led strip

switchbot hub2

phillips hue hub

yeelight smart lamp

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

Affected configurations

Nvd

Node

tapomini_smart_wi-fi_plug_firmwareMatch-

AND

tapomini_smart_wi-fi_plugMatch-

Node

nanoleaflightstrip_firmwareMatch3.5.10

AND

nanoleaflightstripMatch-

Node

goveeled_strip_firmwareMatch3.00.42

AND

goveeled_stripMatch-

Node

switchbothub2_firmwareMatch1.0-0.8

AND

switchbothub2Match-

Node

phillipshue_bridge_firmwareMatch1.59.1959097030

AND

phillipshue_bridgeMatch-

Node

yeelightsmart_lamp_firmwareMatch1.12.69

AND

yeelightsmart_lampMatch-

Node

tp-linksmart_plug_firmwareMatch-

AND

tp-linksmart_plugMatch-

Node

oreinsmart_bulb_firmwareMatch-

AND

oreinsmart_bulbMatch-

Node

eveeve_door_and_window_firmwareMatch-

AND

eveeve_door_and_windowMatch-

VendorProductVersionCPE
tapomini_smart_wi-fi_plug_firmware-cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:*
tapomini_smart_wi-fi_plug-cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:*
nanoleaflightstrip_firmware3.5.10cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:*
nanoleaflightstrip-cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:*
goveeled_strip_firmware3.00.42cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:*
goveeled_strip-cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:*
switchbothub2_firmware1.0-0.8cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:*
switchbothub2-cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:*
phillipshue_bridge_firmware1.59.1959097030cpe:2.3:o:phillips:hue_bridge_firmware:1.59.1959097030:*:*:*:*:*:*:*
phillipshue_bridge-cpe:2.3:h:phillips:hue_bridge:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tapo	mini_smart_wi-fi_plug_firmware	-	cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:::::::*
tapo	mini_smart_wi-fi_plug	-	cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:::::::*
nanoleaf	lightstrip_firmware	3.5.10	cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:::::::*
nanoleaf	lightstrip	-	cpe:2.3:h:nanoleaf:lightstrip:-:::::::*
govee	led_strip_firmware	3.00.42	cpe:2.3:o:govee:led_strip_firmware:3.00.42:::::::*
govee	led_strip	-	cpe:2.3:h:govee:led_strip:-:::::::*
switchbot	hub2_firmware	1.0-0.8	cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:::::::*
switchbot	hub2	-	cpe:2.3:h:switchbot:hub2:-:::::::*
phillips	hue_bridge_firmware	1.59.1959097030	cpe:2.3:o:phillips:hue_bridge_firmware:1.59.1959097030:::::::*
phillips	hue_bridge	-	cpe:2.3:h:phillips:hue_bridge:-:::::::*

Rows per page:

1-10 of 181

References

github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf

github.com/project-chip/connectedhomeip/issues/28518

github.com/project-chip/connectedhomeip/issues/28679

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

Related for CVE-2023-42189