Nanoleaf: Security Vulnerabilities
An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-31
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-10-10
Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-04-27
Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.033
Published
2023-04-18