Vulnerability Description
A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ikea | Tradfri Gateway E1526 Firmware | < 1.19.26 |
| Ikea | Tradfri Gateway E1526 | - |
Related Weaknesses (CWE)
References
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smarThird Party Advisory
- https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smarThird Party Advisory
FAQ
What is CVE-2022-39065?
CVE-2022-39065 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The m...
How severe is CVE-2022-39065?
CVE-2022-39065 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39065?
Check the references section above for vendor advisories and patch information. Affected products include: Ikea Tradfri Gateway E1526 Firmware, Ikea Tradfri Gateway E1526.