ID

VAR-201911-1369


CVE

CVE-2019-18980


TITLE

Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012181

DESCRIPTION

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.

Trust: 1.62

sources: NVD: CVE-2019-18980 // JVNDB: JVNDB-2019-012181

IOT TAXONOMY

category: ['home & office device'], sub_category: bulb

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: philips, model: taolight smart wi-fi wiz connected led bulb 9290022656, scope: eq, version: -

Trust: 1.0

vendor: philips, model: taolight smart wi-fi wiz connected led bulb 9290022656, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-012181 // NVD: CVE-2019-18980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18980
value: HIGH

Trust: 1.0

NVD: CVE-2019-18980
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1003
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18980
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-18980
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-18980
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-012181 // CNNVD: CNNVD-201911-1003 // NVD: CVE-2019-18980

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-012181 // NVD: CVE-2019-18980

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-1003

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201911-1003

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012181

PATCH

title: Top Page, url: https://www.philips.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2019-012181

EXTERNAL IDS

db: NVD, id: CVE-2019-18980

Trust: 2.5

db: JVNDB, id: JVNDB-2019-012181

Trust: 0.8

db: CNNVD, id: CNNVD-201911-1003

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-012181 // CNNVD: CNNVD-201911-1003 // NVD: CVE-2019-18980

REFERENCES

url:https://blog.dammitly.net/2019/10/cheap-hackable-wifi-light-bulbs-or-iot.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18980

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18980

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-012181 // CNNVD: CNNVD-201911-1003 // NVD: CVE-2019-18980

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2019-012181
db: CNNVD, id: CNNVD-201911-1003
db: NVD, id: CVE-2019-18980

LAST UPDATE DATE

2025-01-30T19:27:33.023000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-012181, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201911-1003, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-18980, date: 2024-11-21T04:33:55.747

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-012181, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201911-1003, date: 2019-11-14T00:00:00
db: NVD, id: CVE-2019-18980, date: 2019-11-14T22:15:11.020