Vulnerability Description
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Syska | Smartlight Rainbow Led Smart Bulb Firmware | <= 2017-08-06 |
| Syska | Smartlight Rainbow Led Smart Bulb | - |
Related Weaknesses (CWE)
References
- https://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/ (Third Party Advisory)
FAQ
What is CVE-2017-18642?
CVE-2017-18642 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.
How severe is CVE-2017-18642?
CVE-2017-18642 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18642?
Check the references section above for vendor advisories and patch information. Affected products include: Syska Smartlight Rainbow Led Smart Bulb Firmware, Syska Smartlight Rainbow Led Smart Bulb.