CVE-2023-42189

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

nsecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

References

Link	Resource
https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf	Third Party Advisory
https://github.com/project-chip/connectedhomeip/issues/28518	Issue Tracking Third Party Advisory
https://github.com/project-chip/connectedhomeip/issues/28679	Issue Tracking Third Party Advisory
https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf	Third Party Advisory
https://github.com/project-chip/connectedhomeip/issues/28518	Issue Tracking Third Party Advisory
https://github.com/project-chip/connectedhomeip/issues/28679	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:*

cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:*

cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:*

cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:phillips:hue_bridge_firmware:1.59.1959097030:*:*:*:*:*:*:*

cpe:2.3:h:phillips:hue_bridge:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:yeelight:smart_lamp_firmware:1.12.69:*:*:*:*:*:*:*

cpe:2.3:h:yeelight:smart_lamp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:tp-link:smart_plug_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:smart_plug:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:orein:smart_bulb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:orein:smart_bulb:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:eve:eve_door_and_window_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:eve:eve_door_and_window:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:22

Type	Values Removed	Values Added
References	~~() https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf - Third Party Advisory~~	() https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf - Third Party Advisory
References	~~() https://github.com/project-chip/connectedhomeip/issues/28518 - Issue Tracking, Third Party Advisory~~	() https://github.com/project-chip/connectedhomeip/issues/28518 - Issue Tracking, Third Party Advisory
References	~~() https://github.com/project-chip/connectedhomeip/issues/28679 - Issue Tracking, Third Party Advisory~~	() https://github.com/project-chip/connectedhomeip/issues/28679 - Issue Tracking, Third Party Advisory