Sign-up

ID

VAR-201704-0128


CVE

CVE-2016-5052


TITLE

OSRAM SYLVANIA Osram Lightify Home Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2016-008313

DESCRIPTION

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. OSRAM SYLVANIA Osram Lightify Home Contains vulnerabilities related to security features.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. Attackers can use this vulnerability to perform man-in-the-middle attacks to obtain SSL encrypted traffic

Trust: 2.7

sources: NVD: CVE-2016-5052 // JVNDB: JVNDB-2016-008313 // CNVD: CNVD-2017-12298 // CNNVD: CNNVD-201704-518

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-12298

AFFECTED PRODUCTS

vendor:osrammodel:lightify homescope:lteversion:1.6.1

Trust: 1.0

vendor:osrammodel:lightify homescope:lteversion:2016-07-26

Trust: 0.8

vendor:osrammodel:sylvania osram lightify homescope:ltversion:2016-07-26

Trust: 0.6

vendor:osrammodel:lightify homescope:eqversion:1.6.1

Trust: 0.6

sources: CNVD: CNVD-2017-12298 // JVNDB: JVNDB-2016-008313 // CNNVD: CNNVD-201704-518 // NVD: CVE-2016-5052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5052
value: HIGH

Trust: 1.0

NVD: CVE-2016-5052
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-12298
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-518
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2016-5052
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-12298
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-5052
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-12298 // JVNDB: JVNDB-2016-008313 // CNNVD: CNNVD-201704-518 // NVD: CVE-2016-5052

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.8

sources: JVNDB: JVNDB-2016-008313 // NVD: CVE-2016-5052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-518

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-518

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008313

PATCH
title:LIGHTIFY - smart connected lighturl:https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-008313

EXTERNAL IDS
db:NVDid:CVE-2016-5052
Trust: 3.0
db:JVNDBid:JVNDB-2016-008313
Trust: 0.8
db:CNVDid:CNVD-2017-12298
Trust: 0.6
db:CNNVDid:CNNVD-201704-518
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-12298 // 
            
            
            
            JVNDB: JVNDB-2016-008313 // 
            
            
            
            CNNVD: CNNVD-201704-518 // 
            
            
            
            NVD: CVE-2016-5052

REFERENCES
url:https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059
Trust: 3.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5052
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-5052
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-12298 // 
            
            
            
            JVNDB: JVNDB-2016-008313 // 
            
            
            
            CNNVD: CNNVD-201704-518 // 
            
            
            
            NVD: CVE-2016-5052

SOURCES
db:CNVDid:CNVD-2017-12298
db:JVNDBid:JVNDB-2016-008313
db:CNNVDid:CNNVD-201704-518
db:NVDid:CVE-2016-5052

LAST UPDATE DATE
2025-04-20T20:16:10.984000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-12298date:2017-06-30T00:00:00
db:JVNDBid:JVNDB-2016-008313date:2017-05-15T00:00:00
db:CNNVDid:CNNVD-201704-518date:2017-05-18T00:00:00
db:NVDid:CVE-2016-5052date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-12298date:2017-06-30T00:00:00
db:JVNDBid:JVNDB-2016-008313date:2017-05-15T00:00:00
db:CNNVDid:CNNVD-201704-518date:2017-04-09T00:00:00
db:NVDid:CVE-2016-5052date:2017-04-10T03:59:01.343