ID
VAR-202310-2079
CVE
CVE-2023-42189
TITLE
tapo of mini smart wi-fi plug Vulnerability related to inappropriate permission assignment to critical resources in products from multiple vendors such as firmware
Trust: 0.8
DESCRIPTION
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. tapo of mini smart wi-fi plug Firmware and other products from multiple vendors contain vulnerabilities related to inappropriate permission assignments on critical resources.Service operation interruption (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | switchbot | model: | hub2 | scope: | eq | version: | 1.0-0.8 | Trust: 1.0 |
| vendor: | orein | model: | smart bulb | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | phillips | model: | hue bridge | scope: | eq | version: | 1.59.1959097030 | Trust: 1.0 |
| vendor: | eve | model: | door and window | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | tp link | model: | smart plug | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | tapo | model: | mini smart wi-fi plug | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | yeelight | model: | smart lamp | scope: | eq | version: | 1.12.69 | Trust: 1.0 |
| vendor: | nanoleaf | model: | lightstrip | scope: | eq | version: | 3.5.10 | Trust: 1.0 |
| vendor: | govee | model: | led strip | scope: | eq | version: | 3.00.42 | Trust: 1.0 |
| vendor: | switchbot | model: | hub2 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | yeelight | model: | smart lamp | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tapo | model: | mini smart wi-fi plug | scope: | - | version: | - | Trust: 0.8 |
| vendor: | nanoleaf | model: | lightstrip | scope: | - | version: | - | Trust: 0.8 |
| vendor: | eve | model: | door and window | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tp link | model: | smart plug | scope: | - | version: | - | Trust: 0.8 |
| vendor: | govee | model: | led strip | scope: | - | version: | - | Trust: 0.8 |
| vendor: | phillips | model: | hue hub | scope: | - | version: | - | Trust: 0.8 |
| vendor: | orein | model: | smart bulb | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-732 | Trust: 1.0 |
| problemtype: | Improper permission assignment for critical resources (CWE-732) [NVD evaluation ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-42189 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2023-014637 | Trust: 0.8 |
REFERENCES
| url: | https://github.com/iot-fuzz/iot-fuzz/blob/main/remove%20key%20set%20vulnerability%20report.pdf | Trust: 1.8 |
| url: | https://github.com/project-chip/connectedhomeip/issues/28518 | Trust: 1.8 |
| url: | https://github.com/project-chip/connectedhomeip/issues/28679 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-42189 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2023-014637 |
| db: | NVD | id: | CVE-2023-42189 |
LAST UPDATE DATE
2024-08-14T14:16:52.439000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2023-014637 | date: | 2023-12-25T04:28:00 |
| db: | NVD | id: | CVE-2023-42189 | date: | 2024-02-15T19:44:54.227 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2023-014637 | date: | 2023-12-25T00:00:00 |
| db: | NVD | id: | CVE-2023-42189 | date: | 2023-10-10T03:15:09.530 |