CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2017/04/10 3:59 a.m.•15 views

Code injection

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...

4.3CVSS6.3AI score0.01397EPSS

Prion•added 2017/04/10 3:59 a.m.•9 views

Design/Logic Flaw

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application...

4CVSS6.5AI score0.01397EPSS

CVE•added 2017/04/10 3:0 a.m.•46 views

CVE-2016-5059

CVE-2016-5059 involves OSRAM SYLVANIA Osram Lightify Home. The CNVD entry (CNVD-2017-12298) describes it as a vulnerability in versions up to 2016-07-26 where the application fails to implement SSL pinning, enabling a man-in-the-middle attacker to intercept SSL/TLS traffic from the affected syste...

6.5CVSS6.2AI score0.01153EPSS

CVE•added 2017/04/10 3:0 a.m.•42 views

CVE-2016-5051

OSRAM SYLVANIA Osram Lightify Home vulnerability (pre-2016-07-26). The issue stems from the product not using SSL pinning, enabling a Man-in-the-Middle to intercept TLS-encrypted traffic. Affected versions are 2016-07-26 and earlier. The CNVD entry states this vulnerability allows an attacker to ...

7.5CVSS7.5AI score0.01397EPSS

CVE•added 2017/04/10 3:0 a.m.•39 views

CVE-2016-5052

OSRAM SYLVANIA Osram Lightify Home is affected by CVE-2016-5052. The issue stems from the product’s failure to use SSL pinning in versions up to 2016-07-26, allowing a potential attacker to perform a man-in-the-middle (MITM) attack and intercept SSL/TLS traffic. The CNVD entry confirms the vulner...

7.5CVSS7.5AI score0.01136EPSS

CVE•added 2017/04/10 3:0 a.m.•38 views

CVE-2016-5058

CVE-2016-5058 references OSRAM SYLVANIA Osram Lightify Pro/Lightify Home. Connected CNVD data reveals a MITM vulnerability in Lightify Home due to the program’s failure to use SSL pinning, affecting versions 2016-07-26 and earlier. An attacker could intercept SSL/TLS traffic and capture encrypted...

7.5CVSS7.5AI score0.01148EPSS

Cvelist•added 2017/04/10 3:0 a.m.•19 views

CVE-2016-5052

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning...

7.6AI score0.01136EPSS

Cvelist•added 2017/04/10 3:0 a.m.•15 views

CVE-2016-5053

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000...

9.9AI score0.02737EPSS

Cvelist•added 2017/04/10 3:0 a.m.•16 views

CVE-2016-5057

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...

7.6AI score0.01211EPSS

Cvelist•added 2017/04/10 3:0 a.m.•13 views

CVE-2016-5059

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application...

6.2AI score0.01153EPSS

Cvelist•added 2017/04/10 3:0 a.m.•22 views

CVE-2016-5058

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay...

7.6AI score0.01397EPSS

ThreatPost•added 2016/07/26 9:5 a.m.•29 views

Unpatched Smart Lighting Flaws Pose IoT Risk to Businesses

A host of web-based vulnerabilities in Osram Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC. Researchers at Rapid7 today publicly disclosed some of the details on each of the nine...

5CVSS8.2AI score0.00934EPSS