This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device.
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Signify Innovations India
Signify Innovations India phillips Smart Bulb 10-watt Firmware Signify Innovations India phillips Smart Bulb 12-watt Firmware Signify Innovations India phillips Smart Bulb 9-watt Firmware Signify Innovations India phillips Smart T-bulb 10-watt Firmware Signify Innovations India phillips Smart T-bulb 12-watt Firmware Signify Innovations India phillips Smart Wi-fi Led Batten 24-watt Firmware Signify Innovations India phillips Smart Wi-fi Led T Beamer 20-watt Firmware |
|
CPEs | cpe:2.3:o:signify_innovations_india:phillips_smart_bulb_10-watt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:signify_innovations_india:phillips_smart_bulb_12-watt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:signify_innovations_india:phillips_smart_bulb_9-watt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:signify_innovations_india:phillips_smart_t-bulb_10-watt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:signify_innovations_india:phillips_smart_t-bulb_12-watt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:signify_innovations_india:phillips_smart_wi-fi_led_batten_24-watt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:signify_innovations_india:phillips_smart_wi-fi_led_t_beamer_20-watt_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Signify Innovations India
Signify Innovations India phillips Smart Bulb 10-watt Firmware Signify Innovations India phillips Smart Bulb 12-watt Firmware Signify Innovations India phillips Smart Bulb 9-watt Firmware Signify Innovations India phillips Smart T-bulb 10-watt Firmware Signify Innovations India phillips Smart T-bulb 12-watt Firmware Signify Innovations India phillips Smart Wi-fi Led Batten 24-watt Firmware Signify Innovations India phillips Smart Wi-fi Led T Beamer 20-watt Firmware |
|
Metrics |
ssvc
|
Fri, 25 Oct 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected. | |
Title | Cleartext Storage of Sensitive Information Vulnerability in Philips Lighting Devices | |
Weaknesses | CWE-312 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: CERT-In
Published: 2024-10-25T12:27:44.531Z
Updated: 2024-10-25T18:48:23.746Z
Reserved: 2024-10-15T11:49:30.141Z
Link: CVE-2024-9991
Vulnrichment
Updated: 2024-10-25T18:48:04.742Z
NVD
Status : Awaiting Analysis
Published: 2024-10-25T13:15:18.250
Modified: 2024-10-28T13:58:09.230
Link: CVE-2024-9991
Redhat
No data.