Notified: September 01, 2014 Updated: October 27, 2014
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 14, 2014 Updated: October 21, 2014
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: September 09, 2014 Updated: August 27, 2015
Statement Date: August 26, 2015
Affected
The CERT/CC reached out to Philips Electronics after originally discovering the vulnerability in the Philips Hue product, which utilizes lwIP for its TCP/IP stack. Philips provided the following response: "This issue has been investigated. Application-layer authentication prevents exploitation affecting confidentiality or integrity of Hue communication, data, firmware updates, etc. Hue Bridge software update 01018228 that fixes this issue is available since December 2014. Users can upgrade via the Hue app."
We are not aware of further vendor information regarding this vulnerability.
Notified: September 11, 2014 Updated: October 27, 2014
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.