Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-3562

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-13 Mar, 2026 | 20:37
Updated At-16 Mar, 2026 | 20:21
Rejected At-
Credits

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:13 Mar, 2026 | 20:37
Updated At:16 Mar, 2026 | 20:21
Rejected At:
▼CVE Numbering Authority (CNA)
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.

Affected Products
Vendor
PhilipsPhilips
Product
Hue Bridge
Default Status
unknown
Versions
Affected
  • 1.73.1973146020
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347: Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.06.3MEDIUM
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-26-160/
x_research-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-26-160/
Resource:
x_research-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:16 Mar, 2026 | 14:19
Updated At:27 Apr, 2026 | 14:28

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.06.3MEDIUM
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Philips
philips
>>hue_bridge_v2_firmware>>Versions before 1975170000(exclusive)
cpe:2.3:o:philips:hue_bridge_v2_firmware:*:*:*:*:*:*:*:*
Philips
philips
>>hue_bridge_v2>>-
cpe:2.3:h:philips:hue_bridge_v2:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-347Primaryzdi-disclosures@trendmicro.com
CWE ID: CWE-347
Type: Primary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zerodayinitiative.com/advisories/ZDI-26-160/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-26-160/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2021-33017
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.06% / 19.28%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

Action-Not Available
Vendor-Philips
Product-intellibridge_ec80intellibridge_ec40intellibridge_ec40_firmwareintellibridge_ec80_firmwareIntelliBridge EC 40 HubIntelliBridge EC 80 Hub
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2021-32993
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.03% / 9.52%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-17 Sep, 2024 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Action-Not Available
Vendor-Philips
Product-intellibridge_ec80intellibridge_ec40intellibridge_ec40_firmwareintellibridge_ec80_firmwareIntelliBridge EC 40 HubIntelliBridge EC 80 Hub
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-17906
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.76%
||
7 Day CHG~0.00%
Published-19 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.

Action-Not Available
Vendor-n/aPhilips
Product-intellispace_pacsisite_pacsPhilips iSite and IntelliSpace PACS
CWE ID-CWE-521
Weak Password Requirements
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-16222
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.67%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 12:55
Updated-23 Feb, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Patient Monitoring Devices Improper Authentication

In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

Action-Not Available
Vendor-Philips
Product-performancebridge_focal_pointpatient_information_center_ixPatient Information Center iX (PICiX)PerformanceBridge Focal Point
CWE ID-CWE-287
Improper Authentication
CVE-2020-13593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.42%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 14:54
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).

Action-Not Available
Vendor-tin/a
Product-simplelink-cc2640r2_software_development_kitn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2015-3298
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.28%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 23:16
Updated-06 Aug, 2024 | 05:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.

Action-Not Available
Vendor-yubicon/a
Product-ykneo-openpgpn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
Details not found