15 matches found
CVE-2026-3558
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. Th...
EUVD-2026-12159
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. Th...
CVE-2026-3558 Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. Th...
CVE-2026-3558
CVE-2026-3558 affects Philips Hue Bridge via HomeKit Accessory Protocol. The flaw lies in the service configuration listening on TCP port 8080, where authentication is not required, enabling network-adjacent attackers to bypass authentication and access sensitive functionality. Impact is high for...
PT-2026-23776
Name of the Vulnerable Software and Affected Versions: Philips Hue Bridge (affected versions not specified) Description: A security issue exists in the Philips Hue Bridge related to the HomeKit Accessory Protocol. Specifically, a transient pairing mode authentication bypass is possible. This allows...
Exploit for CVE-2025-36911
WhisperPair-PoC-Tool and Research A deep dive into CVE-2025-3...
SAMSUNG Galaxy Buds Security Vulnerability
SAMSUNG Galaxy Buds is a wireless Bluetooth headset from South Korea's Samsung that supports active noise cancellation and a voice assistant. A security vulnerability exists in SAMSUNG Galaxy Buds, which stems from a default Bluetooth pairing mode that may result in audio takeover or...
PT-2024-31882 · Iot Haat · Iot Haat Smart Plug Ih-In-16A-S
Name of the Vulnerable Software and Affected Versions: IoT Haat Smart Plug IH-IN-16A-S version 5.16.1 Description: The issue is related to Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode allows an attacker to...
Bluetooth Core Specification Security Vulnerability
The Bluetooth Core Specification is a specification that defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. Overseen by the Bluetooth Special Interest Group (SIG) and regularly updated and enhanced by the Bluetooth...
CVE-2020-12702
Weak encryption in the Quick Pairing mode in the eWeLink mobile application Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during th...
CVE-2020-12702
CVE-2020-12702 concerns weak encryption in the Quick Pairing mode of the eWeLink mobile app (Android v4.9.2 and earlier; iOS v4.9.1 and earlier). The root cause is insufficient protection during the pairing process, enabling physically proximate attackers to eavesdrop on Wi‑Fi credentials and oth...
CVE-2018-19982
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP Server Controller HUB Node products which are controlled by HUB. The prerequisite is that the attacker is on the same network as the target HUB, and can use I...
CVE-2018-19982
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP Server Controller HUB Node products which are controlled by HUB. The prerequisite is that the attacker is on the same network as the target HUB, and can use I...
CVE-2018-19982
CVE-2018-19982 affects KT MC01507L Z-Wave S0 devices. The issue arises because HPKP is not implemented, enabling an attacker on the same network to use IP Changer to redirect packets destined for the Server to a proxy, allowing sniffing of cleartext between Server and Controller. The attacker can...
CVE-2018-9313
The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot...