Vulnerability Description
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Hue Firmware | All versions |
| Philips | Hue | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/51ExploitMailing ListThird Party Advisory
- https://www.iliashn.com/CVE-2018-7580/ExploitThird Party Advisory
- http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/51ExploitMailing ListThird Party Advisory
- https://www.iliashn.com/CVE-2018-7580/ExploitThird Party Advisory
FAQ
What is CVE-2018-7580?
CVE-2018-7580 is a vulnerability with a CVSS score of 7.5 (HIGH). Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until...
How severe is CVE-2018-7580?
CVE-2018-7580 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7580?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Hue Firmware, Philips Hue.