On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-14T21:03:01
Updated: 2024-08-05T02:02:39.891Z
Reserved: 2019-11-14T00:00:00
Link: CVE-2019-18980
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-14T22:15:11.020
Modified: 2024-11-21T04:33:55.747
Link: CVE-2019-18980
Redhat
No data.