Vulnerability Details CVE-2018-7580
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2020/Dec/51
- https://www.iliashn.com/CVE-2018-7580/
- http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2020/Dec/51
- https://www.iliashn.com/CVE-2018-7580/
Products affected by CVE-2018-7580
-
cpe:2.3:h:philips:hue:-
-
cpe:2.3:o:philips:hue_firmware:-