CVE-2018-7580 Information

Description

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue’s hub and it will stop responding. The \hub\ will stop operating and be frozen until the flood stops. During the flood the user won’t be able to turn on/off the lights and all of the hub’s functionality will be unresponsive. The cloud service also won’t work with the hub.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://www.iliashn.com/CVE-2018-7580/ http://seclists.org/fulldisclosure/2020/Dec/51 http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5