ID

VAR-202603-0907


CVE

CVE-2026-3557


TITLE

philips' Hue Bridge V2  Heap-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013583

DESCRIPTION

Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28337. This vulnerability can affect attackers in network proximity. An attacker could exploit this vulnerability. The original identification number is ZDI-CAN-28337 is.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 2.25

sources: NVD: CVE-2026-3557 // JVNDB: JVNDB-2026-013583 // ZDI: ZDI-26-155

AFFECTED PRODUCTS

vendor:philipsmodel:hue bridge v2scope:ltversion:1975170000

Trust: 1.0

vendor:フィリップスmodel:hue bridge v2scope:eqversion:hue bridge v2 firmware 1975170000

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope:eqversion: -

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope: - version: -

Trust: 0.8

vendor:philipsmodel:hue bridgescope: - version: -

Trust: 0.7

sources: ZDI: ZDI-26-155 // JVNDB: JVNDB-2026-013583 // NVD: CVE-2026-3557

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2026-3557
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013583
value: HIGH

Trust: 0.8

ZDI: CVE-2026-3557
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2026-3557
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2026-013583
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-3557
baseSeverity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-155 // JVNDB: JVNDB-2026-013583 // NVD: CVE-2026-3557

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013583 // NVD: CVE-2026-3557

PATCH

title:ZDI-26-155 | Zero Day Initiativeurl:https://www.zerodayinitiative.com/advisories/ZDI-26-155/

Trust: 0.8

title:Fixed in Bridge v2 Software version 1975170000url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-155 // JVNDB: JVNDB-2026-013583

EXTERNAL IDS

db:NVDid:CVE-2026-3557

Trust: 3.3

db:ZDIid:ZDI-26-155

Trust: 1.7

db:JVNDBid:JVNDB-2026-013583

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-28337

Trust: 0.7

sources: ZDI: ZDI-26-155 // JVNDB: JVNDB-2026-013583 // NVD: CVE-2026-3557

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-26-155/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3557

Trust: 0.8

url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-155 // JVNDB: JVNDB-2026-013583 // NVD: CVE-2026-3557

CREDITS

Viettel Cyber Security

Trust: 0.7

sources: ZDI: ZDI-26-155

SOURCES

db:ZDIid:ZDI-26-155
db:JVNDBid:JVNDB-2026-013583
db:NVDid:CVE-2026-3557

LAST UPDATE DATE

2026-06-19T23:29:13.510000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-26-155date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013583date:2026-04-30T03:29:00
db:NVDid:CVE-2026-3557date:2026-04-27T14:50:37.883

SOURCES RELEASE DATE

db:ZDIid:ZDI-26-155date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013583date:2026-04-30T00:00:00
db:NVDid:CVE-2026-3557date:2026-03-16T14:19:48.837