Unprotected API lets remote users control Philips Taolight Smart Wi-Fi Wiz Contol

Common Vulnerabilities and Exposures

November 15, 2019

Rajaneesh

Overview :

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb API Flaws

Affected Product(s) :

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb

Vulnerability Details :

CVE ID :	CVE-2019-18980
	On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb’s operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.

Solution :

Entire redesign of the Bulb needed with traffic encrypted with recent auth system

CVE-2019-18980 Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb

Advanced Machine Learning Based Cloud Security Solution

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

100%

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Demo Request Form

100% Advanced Machine Learning Based Bot Management Solution

Demo Request Form

Unprotected API lets remote users control Philips Taolight Smart Wi-Fi Wiz Contol

Getting Started

Use Cases

WAF Automation

Contact Us