ID

VAR-202603-0912


CVE

CVE-2026-3561


TITLE

philips' Hue Bridge V2  Heap-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013578

DESCRIPTION

Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28479. This vulnerability could affect an attacker adjacent to the network. ZDI-CAN-28479 It was registered as.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 2.25

sources: NVD: CVE-2026-3561 // JVNDB: JVNDB-2026-013578 // ZDI: ZDI-26-159

AFFECTED PRODUCTS

vendor:philipsmodel:hue bridge v2scope:ltversion:1975170000

Trust: 1.0

vendor:フィリップスmodel:hue bridge v2scope:eqversion:hue bridge v2 firmware 1975170000

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope:eqversion: -

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope: - version: -

Trust: 0.8

vendor:philipsmodel:hue bridgescope: - version: -

Trust: 0.7

sources: ZDI: ZDI-26-159 // JVNDB: JVNDB-2026-013578 // NVD: CVE-2026-3561

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2026-3561
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013578
value: HIGH

Trust: 0.8

ZDI: CVE-2026-3561
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2026-3561
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2026-013578
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-3561
baseSeverity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-159 // JVNDB: JVNDB-2026-013578 // NVD: CVE-2026-3561

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013578 // NVD: CVE-2026-3561

PATCH

title:ZDI-26-159 | Zero Day Initiativeurl:https://www.zerodayinitiative.com/advisories/ZDI-26-159/

Trust: 0.8

title:Fixed in Bridge v2 Software version 1975170000url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-159 // JVNDB: JVNDB-2026-013578

EXTERNAL IDS

db:NVDid:CVE-2026-3561

Trust: 3.3

db:ZDIid:ZDI-26-159

Trust: 1.7

db:JVNDBid:JVNDB-2026-013578

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-28479

Trust: 0.7

sources: ZDI: ZDI-26-159 // JVNDB: JVNDB-2026-013578 // NVD: CVE-2026-3561

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-26-159/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3561

Trust: 0.8

url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-159 // JVNDB: JVNDB-2026-013578 // NVD: CVE-2026-3561

CREDITS

Thalium team from Thales Group (@thalium_team)

Trust: 0.7

sources: ZDI: ZDI-26-159

SOURCES

db:ZDIid:ZDI-26-159
db:JVNDBid:JVNDB-2026-013578
db:NVDid:CVE-2026-3561

LAST UPDATE DATE

2026-06-19T19:46:18.489000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-26-159date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013578date:2026-04-30T03:29:00
db:NVDid:CVE-2026-3561date:2026-04-27T14:30:01.860

SOURCES RELEASE DATE

db:ZDIid:ZDI-26-159date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013578date:2026-04-30T00:00:00
db:NVDid:CVE-2026-3561date:2026-03-16T14:19:52.197