Vulnerability in Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb
CVE-2019-18980

7.5HIGH

Key Information:

Vendor: Philips
Status: Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656 Firmware
Vendor: CVE Published:; 14 November 2019

Summary

The Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb is vulnerable due to an unprotected API that allows remote users to manipulate the bulb's functionality without any authentication. This API flaw enables unauthorized individuals to turn the bulb on or off, alter its brightness, or change its color simply by having network access to the bulb. With no encryption or security measures in place, this vulnerability poses significant risks to users, emphasizing the need for enhanced security in IoT devices.

References

https://blog.dammitly.net/2019/10/cheap-hackable-wifi-lig...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2019
Vulnerability Reserved
Nov 14, 2019