Unprotected API lets remote users control Philips Taolight Smart Wi-Fi Wiz Contol

Overview :

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb API Flaws

Affected Product(s) :

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb

Vulnerability Details :

CVE ID :	CVE-2019-18980
	On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb’s operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.

Solution :

Entire redesign of the Bulb needed with traffic encrypted with recent auth system

Contact us to get started

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

Description Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being

Learn more

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

Description Several Cross-Site Scripting vulnerabilities in the Curtain WordPress plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker would be

Learn more

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

Description It was noted that there is security checking to prevent some of the Avast processes from loading of undesired/unsigned

Learn more

Unprotected API lets remote users control Philips Taolight Smart Wi-Fi Wiz Contol

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function