Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-6007

Summary
Assigner-checkpoint
Assigner Org ID-897c38be-0345-43cd-b6cf-fe179e0c4f45
Published At-23 Jan, 2020 | 21:20
Updated At-04 Aug, 2024 | 08:47
Rejected At-
Credits

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:checkpoint
Assigner Org ID:897c38be-0345-43cd-b6cf-fe179e0c4f45
Published At:23 Jan, 2020 | 21:20
Updated At:04 Aug, 2024 | 08:47
Rejected At:
▼CVE Numbering Authority (CNA)

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

Affected Products
Vendor
n/a
Product
Philips Hue Bridge 2.X
Versions
Affected
  • All versions prior to and including 1935144020
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www2.meethue.com/en-us/support/release-notes/bridge
x_refsource_MISC
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
x_refsource_MISC
Hyperlink: https://www2.meethue.com/en-us/support/release-notes/bridge
Resource:
x_refsource_MISC
Hyperlink: https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www2.meethue.com/en-us/support/release-notes/bridge
x_refsource_MISC
x_transferred
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
x_refsource_MISC
x_transferred
Hyperlink: https://www2.meethue.com/en-us/support/release-notes/bridge
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@checkpoint.com
Published At:23 Jan, 2020 | 22:15
Updated At:01 Mar, 2023 | 03:00

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.9HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary2.04.3MEDIUM
AV:A/AC:H/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:A/AC:H/Au:N/C:P/I:P/A:P
CPE Matches
Philips
philips
>>hue_bridge_v2_firmware>>Versions up to 1935144020(inclusive)
cpe:2.3:o:philips:hue_bridge_v2_firmware:*:*:*:*:*:*:*:*
Philips
philips
>>hue_bridge_v2>>-
cpe:2.3:h:philips:hue_bridge_v2:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-122Secondarycve@checkpoint.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: cve@checkpoint.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/cve@checkpoint.com
Exploit
Third Party Advisory
https://www2.meethue.com/en-us/support/release-notes/bridgecve@checkpoint.com
Product
Release Notes
Hyperlink: https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Source: cve@checkpoint.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www2.meethue.com/en-us/support/release-notes/bridge
Source: cve@checkpoint.com
Resource:
Product
Release Notes

Change History

0
Information is not available yet

Similar CVEs

11Records found
CVE-2018-10601
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.2||HIGH
EPSS-0.12% / 29.92%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 20:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

Action-Not Available
Vendor-ICS-CERTPhilips
Product-intellivue_np90_firmwareavalon_fetal\/maternal_monitors_fm50_firmwareintellivue_mp50_firmwareintellivue_mx800intellivue_mx100_firmwareavalon_fetal\/maternal_monitors_fm40_firmwareavalon_fetal\/maternal_monitors_fm20intellivue_mx700intellivue_mx550_firmwareintellivue_mx800_firmwareintellivue_mx400_firmwareintellivue_mx450intellivue_mp30intellivue_mx700_firmwareintellivue_mp30_firmwareintellivue_mp2avalon_fetal\/maternal_monitors_fm30_firmwareintellivue_x2_firmwareintellivue_np90intellivue_mp70_firmwareavalon_fetal\/maternal_monitors_fm50intellivue_mx500intellivue_mp70intellivue_x3intellivue_mp2_firmwareavalon_fetal\/maternal_monitors_fm20_firmwareintellivue_mp50intellivue_x2avalon_fetal\/maternal_monitors_fm30intellivue_mx450_firmwareintellivue_mx100intellivue_x3_firmwareavalon_fetal\/maternal_monitors_fm40intellivue_mx500_firmwareintellivue_mx550intellivue_mx400IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-10597
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.3||HIGH
EPSS-0.13% / 31.36%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

Action-Not Available
Vendor-ICS-CERTPhilips
Product-intellivue_np90_firmwareavalon_fetal\/maternal_monitors_fm50_firmwareintellivue_mp50_firmwareintellivue_mx800intellivue_mx100_firmwareavalon_fetal\/maternal_monitors_fm40_firmwareavalon_fetal\/maternal_monitors_fm20intellivue_mx700intellivue_mx550_firmwareintellivue_mx800_firmwareintellivue_mx400_firmwareintellivue_mx450intellivue_mp30intellivue_mx700_firmwareintellivue_mp30_firmwareintellivue_mp2avalon_fetal\/maternal_monitors_fm30_firmwareintellivue_x2_firmwareintellivue_np90intellivue_mp70_firmwareavalon_fetal\/maternal_monitors_fm50intellivue_mx500intellivue_mp70intellivue_x3intellivue_mp2_firmwareavalon_fetal\/maternal_monitors_fm20_firmwareintellivue_mp50intellivue_x2avalon_fetal\/maternal_monitors_fm30intellivue_mx450_firmwareintellivue_mx100intellivue_x3_firmwareavalon_fetal\/maternal_monitors_fm40intellivue_mx500_firmwareintellivue_mx550intellivue_mx400IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-3560
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.40%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:37
Updated-27 Apr, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28469.

Action-Not Available
Vendor-Philips
Product-hue_bridge_v2hue_bridge_v2_firmwareHue Bridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-3555
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:36
Updated-27 Apr, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. The issue results from the lack of proper validation of the size of data prior to copying it to a fixed-size heap buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28276.

Action-Not Available
Vendor-Philips
Product-hue_bridge_v2hue_bridge_v2_firmwareHue Bridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-3556
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.40%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:36
Updated-27 Apr, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service. Was ZDI-CAN-28326.

Action-Not Available
Vendor-Philips
Product-hue_bridge_v2hue_bridge_v2_firmwareHue Bridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-3557
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:36
Updated-27 Apr, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28337.

Action-Not Available
Vendor-Philips
Product-hue_bridge_v2hue_bridge_v2_firmwareHue Bridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-3561
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-0.14% / 33.85%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:37
Updated-27 Apr, 2026 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28479.

Action-Not Available
Vendor-Philips
Product-hue_bridge_v2hue_bridge_v2_firmwareHue Bridge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2020-12654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.40% / 60.78%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 04:47
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9501
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-2.27% / 84.77%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 21:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom wl driver is vulnerable to heap buffer overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Synology, Inc.
Product-bcm4339router_managerbcm4339_firmwareWiFi drivers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9500
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-2.93% / 86.52%
||
7 Day CHG~0.00%
Published-16 Jan, 2020 | 20:35
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom brcmfmac driver is vulnerable to a heap buffer overflow

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Linux Kernel Organization, Inc
Product-brcmfmac_driverlinux_kernelbrcmfmac WiFi driver
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9502
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-1.41% / 80.67%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 21:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom wl driver is vulnerable to heap buffer overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Synology, Inc.
Product-bcm4339router_managerbcm4339_firmwareWiFi drivers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found