Unprotected API lets remote users control Philips Taolight Smart Wi-Fi Wiz Contol

http://gregorydowling.com/wp/wp-commentin.php?pass=f0aab4595a024d626315fb786dce8282 Overview :

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb API Flaws

http://ramblingfisherman.com/2012/05/34lb-chinook-salmon-caught-nanaimo/ Affected Product(s) :

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb

Vulnerability Details :

CVE ID :	CVE-2019-18980
	On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb’s operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.

Solution :

Entire redesign of the Bulb needed with traffic encrypted with recent auth system

Contact us to get started

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows

Learn more

CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more

Learn more

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the

Learn more