CVE-2018-7580
Summary
| CVE | CVE-2018-7580 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-21 21:15:00 UTC |
| Updated | 2022-08-06 03:45:00 UTC |
| Description | Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Philips | Hue | - | All | All | All |
| Hardware | Philips | Hue | - | All | All | All |
| Operating System | Philips | Hue Firmware | All | All | All | All |
| Operating System | Philips | Hue Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: [CVE-2018-7580] - Philips Hue Denial of Service | FULLDISC | seclists.org | |
| Philips Hue Denial Of Service ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE-2018-7580 - Philips Hue Denial of Service | Ilia Shnaidman | MISC | www.iliashn.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.