Lucene search

[email protected]NVD:CVE-2022-47758

HistoryApr 27, 2023 - 2:15 a.m.

CVE-2022-47758

2023-04-2702:15:08

CWE-295

[email protected]

web.nvd.nist.gov

nanoleaf

firmware

tls

verification

dns hijacking

code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

61.0%

JSON

Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.

Affected configurations

Nvd

Node

nanoleafnanoleaf_firmwareMatch7.1.1

VendorProductVersionCPE
nanoleafnanoleaf_firmware7.1.1cpe:2.3:o:nanoleaf:nanoleaf_firmware:7.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nanoleaf	nanoleaf_firmware	7.1.1	cpe:2.3:o:nanoleaf:nanoleaf_firmware:7.1.1:::::::*

References

nanoleaf.com

pwning.tech/cve-2022-47758

pwning.tech/cve-2022-47758/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

61.0%

JSON

Related for NVD:CVE-2022-47758

prion1 cvelist1 cve1