ID

VAR-202603-0927


CVE

CVE-2026-3558


TITLE

philips' Hue Bridge V2  Vulnerability related to lack of authentication for critical functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013581

DESCRIPTION

Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28374. ZDI-CAN-28374 It was known as.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software will not stop

Trust: 2.25

sources: NVD: CVE-2026-3558 // JVNDB: JVNDB-2026-013581 // ZDI: ZDI-26-156

AFFECTED PRODUCTS

vendor:philipsmodel:hue bridge v2scope:ltversion:1975170000

Trust: 1.0

vendor:フィリップスmodel:hue bridge v2scope:eqversion:hue bridge v2 firmware 1975170000

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope:eqversion: -

Trust: 0.8

vendor:フィリップスmodel:hue bridge v2scope: - version: -

Trust: 0.8

vendor:philipsmodel:hue bridgescope: - version: -

Trust: 0.7

sources: ZDI: ZDI-26-156 // JVNDB: JVNDB-2026-013581 // NVD: CVE-2026-3558

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2026-3558
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013581
value: HIGH

Trust: 0.8

ZDI: CVE-2026-3558
value: HIGH

Trust: 0.7

zdi-disclosures@trendmicro.com: CVE-2026-3558
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

OTHER: JVNDB-2026-013581
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2026-3558
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-156 // JVNDB: JVNDB-2026-013581 // NVD: CVE-2026-3558

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013581 // NVD: CVE-2026-3558

PATCH

title:ZDI-26-156 | Zero Day Initiativeurl:https://www.zerodayinitiative.com/advisories/ZDI-26-156/

Trust: 0.8

title:Fixed in Bridge v2 Software version 1975170000url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-156 // JVNDB: JVNDB-2026-013581

EXTERNAL IDS

db:NVDid:CVE-2026-3558

Trust: 3.3

db:ZDIid:ZDI-26-156

Trust: 1.7

db:JVNDBid:JVNDB-2026-013581

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-28374

Trust: 0.7

sources: ZDI: ZDI-26-156 // JVNDB: JVNDB-2026-013581 // NVD: CVE-2026-3558

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-26-156/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3558

Trust: 0.8

url:https://www.philips-hue.com/en-ca/support/release-notes/bridge

Trust: 0.7

sources: ZDI: ZDI-26-156 // JVNDB: JVNDB-2026-013581 // NVD: CVE-2026-3558

CREDITS

Ho Xuan Ninh (@Xuanninh1412) and Hoang Hai Long (@seadragnol) from Qrious Secure (@qriousec)

Trust: 0.7

sources: ZDI: ZDI-26-156

SOURCES

db:ZDIid:ZDI-26-156
db:JVNDBid:JVNDB-2026-013581
db:NVDid:CVE-2026-3558

LAST UPDATE DATE

2026-06-19T23:19:14.213000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-26-156date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013581date:2026-04-30T03:29:00
db:NVDid:CVE-2026-3558date:2026-04-27T14:48:21.320

SOURCES RELEASE DATE

db:ZDIid:ZDI-26-156date:2026-03-06T00:00:00
db:JVNDBid:JVNDB-2026-013581date:2026-04-30T00:00:00
db:NVDid:CVE-2026-3558date:2026-03-16T14:19:48.997