ID

VAR-202603-0913


CVE

CVE-2026-3555


TITLE

Philips Hue Bridge V2 heap-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013585

DESCRIPTION

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. The issue results from the lack of proper validation of the size of data prior to copying it to a fixed-size heap buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28276. This vulnerability could be exploited by an attacker located on a network adjacent to the system. The original identification number is ZDI-CAN-28276. All information handled by the software may be leaked to the outside, all information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability do not affect other software.

Trust: 2.25

sources: NVD: CVE-2026-3555 // JVNDB: JVNDB-2026-013585 // ZDI: ZDI-26-153

AFFECTED PRODUCTS

vendor: philips | model: hue bridge v2 | scope: lt | version: 1975170000

Trust: 1.0

vendor: Philips | model: hue bridge v2 | scope: eq | version: hue bridge v2 firmware 1975170000

Trust: 0.8

vendor: Philips | model: hue bridge v2 | scope: eq | version: -

Trust: 0.8

vendor: Philips | model: hue bridge v2 | scope: - | version: -

Trust: 0.8

vendor: philips | model: hue bridge | scope: - | version: -

Trust: 0.7

sources: ZDI: ZDI-26-153 // JVNDB: JVNDB-2026-013585 // NVD: CVE-2026-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2026-3555
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013585
value: HIGH

Trust: 0.8

ZDI: CVE-2026-3555
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2026-3555
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.0

OTHER: JVNDB-2026-013585
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-3555
baseSeverity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-153 // JVNDB: JVNDB-2026-013585 // NVD: CVE-2026-3555

PROBLEMTYPE DATA

problemtype: CWE-122

Trust: 1.0

problemtype: Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013585 // NVD: CVE-2026-3555

PATCH

title: ZDI-26-153 | Zero Day Initiative
url: https://www.zerodayinitiative.com/advisories/ZDI-26-153/

Trust: 0.8

title: Fixed in Bridge v2 Software version 1975170000
url: https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-153 // JVNDB: JVNDB-2026-013585

EXTERNAL IDS

db: NVD | id: CVE-2026-3555

Trust: 3.3

db: ZDI | id: ZDI-26-153

Trust: 1.7

db: JVNDB | id: JVNDB-2026-013585

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-28276

Trust: 0.7

sources: ZDI: ZDI-26-153 // JVNDB: JVNDB-2026-013585 // NVD: CVE-2026-3555

REFERENCES

url: https://www.zerodayinitiative.com/advisories/zdi-26-153/

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-3555

Trust: 0.8

url: https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-153 // JVNDB: JVNDB-2026-013585 // NVD: CVE-2026-3555

CREDITS

Mehdi Talbi, Matthieu Breuil, Théo Gordyjan from @Synacktiv

Trust: 0.7

sources: ZDI: ZDI-26-153

SOURCES

db: ZDI | id: ZDI-26-153
db: JVNDB | id: JVNDB-2026-013585
db: NVD | id: CVE-2026-3555

LAST UPDATE DATE

2026-06-19T23:46:34.139000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-26-153 | date: 2026-03-06T00:00:00
db: JVNDB | id: JVNDB-2026-013585 | date: 2026-04-30T03:29:00
db: NVD | id: CVE-2026-3555 | date: 2026-04-27T14:50:08.153

SOURCES RELEASE DATE

db: ZDI | id: ZDI-26-153 | date: 2026-03-06T00:00:00
db: JVNDB | id: JVNDB-2026-013585 | date: 2026-04-30T00:00:00
db: NVD | id: CVE-2026-3555 | date: 2026-03-16T14:19:48.493