ID CVE-2020-6007
Summary Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
References
Vulnerable Configurations
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01028090:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01029624:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01030262:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01031131:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01032318:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01033370:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01033989:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01035934:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01036562:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01036659:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01038390:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:01039019:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1705121051:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1707040932:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1709131301:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1711151408:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1801260942:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1802201122:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1804201116:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1806051111:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1808300701:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1809121051:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1811120916:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1901181309:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1931069120:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1931140050:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1932073040:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1932126170:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1933087030:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1933144020:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1934058060:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1934129020:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1935074050:*:*:*:*:*:*:*
  • cpe:2.3:o:philips:hue_bridge_v2_firmware:1935144020:*:*:*:*:*:*:*
  • cpe:2.3:h:philips:hue_bridge_v2:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 01-03-2023 - 03:00)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: ADJACENT_NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:A/AC:H/Au:N/C:P/I:P/A:P
refmap via4
misc
Last major update 01-03-2023 - 03:00
Published 23-01-2020 - 22:15
Last modified 01-03-2023 - 03:00