Vulnerability Details : CVE-2018-7580
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
Vulnerability category: Denial of service
Products affected by CVE-2018-7580
- cpe:2.3:o:philips:hue_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7580
1.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7580
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-7580
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7580
-
http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html
Philips Hue Denial Of Service ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2020/Dec/51
Full Disclosure: [CVE-2018-7580] - Philips Hue Denial of ServiceExploit;Mailing List;Third Party Advisory
-
https://www.iliashn.com/CVE-2018-7580/
CVE-2018-7580 - Philips Hue Denial of Service | Ilia ShnaidmanExploit;Third Party Advisory
Jump to