An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Published 2022-10-14 16:15:18
Updated 2022-10-18 20:15:06
Source Synopsys
View at NVD,   CVE.org

Products affected by CVE-2022-39064

Exploit prediction scoring system (EPSS) score for CVE-2022-39064

0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-39064

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
8.1
HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
2.8
5.2
NIST

CWE ids for CVE-2022-39064

  • The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
    Assigned by: disclosure@synopsys.com (Secondary)

References for CVE-2022-39064

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!