CVE-2023-42189
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/10/2023
Last modified:
15/02/2024
Description
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:* | ||
| cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phillips:hue_bridge_firmware:1.59.1959097030:*:*:*:*:*:*:* | ||
| cpe:2.3:h:phillips:hue_bridge:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:yeelight:smart_lamp_firmware:1.12.69:*:*:*:*:*:*:* | ||
| cpe:2.3:h:yeelight:smart_lamp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:smart_plug_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:smart_plug:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:orein:smart_bulb_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page