CVE-2018-7580
First published: Mon Dec 21 2020(Updated: )
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Hue firmware | ||
| Philips lighting devices |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7580?
CVE-2018-7580 is a vulnerability in Philips Hue that allows for a Denial of Service (DoS) attack.
How does CVE-2018-7580 work?
CVE-2018-7580 can be exploited by sending a SYN flood on port tcp/80, causing the Philips Hue hub to freeze and stop responding.
What is the severity level of CVE-2018-7580?
CVE-2018-7580 has a severity level of 7.5 (High).
How can I fix CVE-2018-7580?
To mitigate CVE-2018-7580, it is recommended to apply the latest firmware updates provided by Philips Hue.
Where can I find more information about CVE-2018-7580?
You can find more information about CVE-2018-7580 at the following references: [Link1](http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html), [Link2](http://seclists.org/fulldisclosure/2020/Dec/51), [Link3](https://www.iliashn.com/CVE-2018-7580/)
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/philips
- canonical/philips hue bridge
- canonical/philips lighting devices