52 matches found
CVE-2016-5057
The CVE-2016-5057 issue affects OSRAM SYLVANIA Osram Lightify Pro, caused by the product not using SSL pinning. This enables potential MITM scenarios where an attacker could intercept SSL traffic. Public details in connected CNVD/EUVD entries indicate versions up to 2016-07-26 are affected. No of...
CVE-2016-5054
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay...
CVE-2016-5052
OSRAM SYLVANIA Osram Lightify Home is affected by CVE-2016-5052. The issue stems from the product’s failure to use SSL pinning in versions up to 2016-07-26, allowing a potential attacker to perform a man-in-the-middle (MITM) attack and intercept SSL/TLS traffic. The CNVD entry confirms the vulner...
CVE-2016-5057
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning...
CVE-2016-5053
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000...
CVE-2016-5052
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning...
CVE-2016-5056
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK...
CVE-2016-5053
CVE-2016-5053 affects OSRAM SYLVANIA Osram Lightify Home. CNVD details indicate a vulnerability in versions released by 2016-07-26 due to the program's failure to use SSL pinning, enabling a man-in-the-middle attack to obtain SSL-encrypted traffic. No remediation or exploit specifics are provided...
CVE-2016-5056
CVE-2016-5056 affects OSRAM SYLVANIA Osram Lightify Pro devices with a PSK limited to 8 hex digits (firmware prior to 2016-07-26). Connected data also references OSRAM Lightify Home vulnerabilities (e.g., MITM risk due to lack of SSL pinning) in related ENISA/CNVD entries, but the Lightify Pro PS...
CVE-2016-5051
OSRAM SYLVANIA Osram Lightify Home vulnerability (pre-2016-07-26). The issue stems from the product not using SSL pinning, enabling a man-in-the-middle attacker to intercept TLS-encrypted traffic. Affected versions are 2016-07-26 and earlier. The CNVD entry states this vulnerability allows an attacker to ...
CVE-2016-5059
CVE-2016-5059 involves OSRAM SYLVANIA Osram Lightify Home. The CNVD entry (CNVD-2017-12298) describes it as a vulnerability in versions up to 2016-07-26 where the application fails to implement SSL pinning, enabling a man-in-the-middle attacker to intercept SSL/TLS traffic from the affected syste...
Unpatched Smart Lighting Flaws Pose IoT Risk to Businesses
A host of web-based vulnerabilities in Osram Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC. Researchers at Rapid7 today publicly disclosed some of the details on each of the nine...