Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by wizconnected
VAR-202104-0016
Vulnerability from variot - Updated: 2023-12-18 13:55An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.). No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a60 colors",
"scope": "eq",
"trust": 1.0,
"vendor": "wizconnected",
"version": "1.14.0"
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": null
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": "wiz colors a60 firmware 1.14.0"
},
{
"model": "connected wiz colors a60",
"scope": "eq",
"trust": 0.6,
"vendor": "wiz",
"version": "1.14.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:wizconnected:a60_colors_firmware:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:wizconnected:a60_colors:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"cve": "CVE-2020-11922",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-11922",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-29834",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-11922",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-11922",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-29834",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-098",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11922",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.). No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11922",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-29834",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-11922",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"id": "VAR-202104-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
}
]
},
"last_update_date": "2023-12-18T13:55:58.098000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart\u00a0lighting\u00a0for\u00a0your\u00a0daily\u00a0living",
"trust": 0.8,
"url": "https://www.wizconnected.com/en/consumer/"
},
{
"title": "Patch for WiZ Connected WiZ Colors A60 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/259941"
},
{
"title": "WiZ Connected WiZ Colors A60 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147290"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/201.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11922"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"date": "2021-04-02T16:15:13.507000",
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"date": "2021-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"date": "2021-12-09T08:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"date": "2022-10-05T16:40:34.840000",
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiZ Connected WiZ Colors A60 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
],
"trust": 0.6
}
}
CVE-2020-11923 (GCVE-0-2020-11923)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:08 – Updated: 2024-08-04 11:42
VLAI
Summary
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Date Public
2021-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:07:47.377Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11923",
"datePublished": "2021-04-02T18:08:57.000Z",
"dateReserved": "2020-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11923 (GCVE-0-2020-11923)
Vulnerability from nvd – Published: 2021-04-02 18:08 – Updated: 2024-08-04 11:42
VLAI
Summary
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Date Public
2021-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:07:47.377Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11923",
"datePublished": "2021-04-02T18:08:57.000Z",
"dateReserved": "2020-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}