CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSRAM SYLVANIA Osram Lightify Pro is an open IoT platform for automated control of lighting devices from OSRAM Germany. A security vulnerability exists in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and prior versions. An attacker can exploit the vulnerability to obtain and re-execute used...

7.5CVSS6.9AI score0.00487EPSS

Exploits2References1

OSV•added 2017/04/10 3:59 a.m.•0 views

CVE-2016-5057

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...

7.5CVSS5.8AI score0.00487EPSS

Exploits1References1

OSV•added 2017/04/10 3:59 a.m.•3 views

CVE-2016-5056

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK...

7.5CVSS5.8AI score0.00487EPSS

Exploits1References1

OSV•added 2017/04/10 3:59 a.m.•1 views

CVE-2016-5059

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application...

6.5CVSS5.8AI score0.00487EPSS

Exploits2References1

OSV•added 2017/04/10 3:59 a.m.•0 views

CVE-2016-5058

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay...

7.5CVSS5.8AI score0.00487EPSS

Exploits1References1

OSV•added 2017/04/10 3:59 a.m.•1 views

CVE-2016-5055

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...

6.1CVSS5.8AI score0.00487EPSS

Exploits1References1

NVD•added 2017/04/10 3:59 a.m.•8 views

CVE-2016-5056

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK...

7.5CVSS7.6AI score0.00184EPSS

Exploits1References1

NVD•added 2017/04/10 3:59 a.m.•7 views

CVE-2016-5057

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...

7.5CVSS7.6AI score0.0031EPSS

Exploits1References1

NVD•added 2017/04/10 3:59 a.m.•8 views

CVE-2016-5058

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay...

7.5CVSS7.6AI score0.00259EPSS

Exploits1References1

Prion•added 2017/04/10 3:59 a.m.•12 views

Code injection

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page...

4.3CVSS6.3AI score0.00487EPSS

Exploits2References1

Prion•added 2017/04/10 3:59 a.m.•8 views

Design/Logic Flaw

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application...

4CVSS6.5AI score0.00487EPSS

Exploits2References1

Cvelist•added 2017/04/10 3:0 a.m.•13 views

CVE-2016-5057

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...

7.6AI score0.0031EPSS

Exploits1References1

Cvelist•added 2017/04/10 3:0 a.m.•11 views

CVE-2016-5059

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application...

6.2AI score0.00237EPSS

Exploits1References1

Cvelist•added 2017/04/10 3:0 a.m.•10 views

CVE-2016-5058

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay...

7.6AI score0.00487EPSS

Exploits2References1

CVE•added 2017/04/10 3:0 a.m.•46 views

CVE-2016-5056

CVE-2016-5056 affects OSRAM SYLVANIA Osram Lightify Pro devices with a PSK limited to 8 hex digits (firmware prior to 2016-07-26). Connected data also references OSRAM Lightify Home vulnerabilities (e.g., MITM risk due to lack of SSL pinning) in related ENISA/CNVD entries, but the Lightify Pro PS...

7.5CVSS7.5AI score0.00184EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by