Lucene search

[email protected]CVE-2023-42189

HistoryOct 10, 2023 - 3:15 a.m.

CVE-2023-42189

2023-10-1003:15:09

CWE-732

[email protected]

web.nvd.nist.gov

cve-2023-42189

insecure permissions

connectivity standards alliance matter

sdk

nanoleaf light strip

govee led strip

switchbot hub2

phillips hue hub

yeelight smart lamp

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

Affected configurations

NVD

Node

tapomini_smart_wi-fi_plug_firmwareMatch-

AND

tapomini_smart_wi-fi_plugMatch-

Node

nanoleaflightstrip_firmwareMatch3.5.10

AND

nanoleaflightstripMatch-

Node

goveeled_strip_firmwareMatch3.00.42

AND

goveeled_stripMatch-

Node

switchbothub2_firmwareMatch1.0-0.8

AND

switchbothub2Match-

Node

phillipshue_bridge_firmwareMatch1.59.1959097030

AND

phillipshue_bridgeMatch-

Node

yeelightsmart_lamp_firmwareMatch1.12.69

AND

yeelightsmart_lampMatch-

Node

tp-linksmart_plug_firmwareMatch-

AND

tp-linksmart_plugMatch-

Node

oreinsmart_bulb_firmwareMatch-

AND

oreinsmart_bulbMatch-

Node

eveeve_door_and_window_firmwareMatch-

AND

eveeve_door_and_windowMatch-

CPENameOperatorVersion
tapo:mini_smart_wi-fi_plug_firmwaretapo mini smart wi-fi plug firmwareeq-

CPE	Name	Operator	Version
tapo:mini_smart_wi-fi_plug_firmware	tapo mini smart wi-fi plug firmware	eq	-

References

github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf

github.com/project-chip/connectedhomeip/issues/28518

github.com/project-chip/connectedhomeip/issues/28679

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for CVE-2023-42189

cvelist1 nvd1 prion1