Vulnerability Description
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a heap-based buffer overflow when handling a long ZCL string during the commissioning phase, resulting in remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Hue Bridge V2 Firmware | <= 1935144020 |
| Philips | Hue Bridge V2 | - |
References
- https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/ (Exploit, Third Party Advisory)
- https://www2.meethue.com/en-us/support/release-notes/bridge (Product, Release Notes)
FAQ
What is CVE-2020-6007?
CVE-2020-6007 is a vulnerability with a CVSS score of 7.9 (HIGH). Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code ...
How severe is CVE-2020-6007?
CVE-2020-6007 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6007?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Hue Bridge V2 Firmware, Philips Hue Bridge V2.