Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00523.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:*
cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:*
cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:*
cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:phillips:hue_bridge_firmware:1.59.1959097030:*:*:*:*:*:*:*
cpe:2.3:h:phillips:hue_bridge:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:yeelight:smart_lamp_firmware:1.12.69:*:*:*:*:*:*:*
cpe:2.3:h:yeelight:smart_lamp:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:tp-link:smart_plug_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:smart_plug:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:orein:smart_bulb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:orein:smart_bulb:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:eve:eve_door_and_window_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:eve:eve_door_and_window:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Eve Subscribe
Eve Door And Window Subscribe
Eve Door And Window Firmware Subscribe
Govee Subscribe
Led Strip Subscribe
Led Strip Firmware Subscribe
Nanoleaf Subscribe
Lightstrip Subscribe
Lightstrip Firmware Subscribe
Orein Subscribe
Smart Bulb Subscribe
Smart Bulb Firmware Subscribe
Phillips Subscribe
Hue Bridge Subscribe
Hue Bridge Firmware Subscribe
Switchbot Subscribe
Hub2 Subscribe
Hub2 Firmware Subscribe
Tapo Subscribe
Mini Smart Wi-fi Plug Subscribe
Mini Smart Wi-fi Plug Firmware Subscribe
Tp-link Subscribe
Smart Plug Subscribe
Smart Plug Firmware Subscribe
Yeelight Subscribe
Smart Lamp Subscribe
Smart Lamp Firmware Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf cve-icon cve-icon
https://github.com/project-chip/connectedhomeip/issues/28518 cve-icon cve-icon
https://github.com/project-chip/connectedhomeip/issues/28679 cve-icon cve-icon
History

Tue, 26 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-11-26T21:34:19.757Z

Reserved: 2023-09-08T00:00:00

Link: CVE-2023-42189

cve-icon Vulnrichment

Updated: 2024-08-02T19:16:51.051Z

cve-icon NVD

Status : Modified

Published: 2023-10-10T03:15:09.530

Modified: 2024-11-21T08:22:22.537

Link: CVE-2023-42189

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses