CVE-2020-6007: Buffer Overflow
First published: Thu Jan 23 2020(Updated: )
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
Credit: cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Hue Bridge V2 Firmware | <=1935144020 | |
| Philips Hue Bridge V2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-6007?
CVE-2020-6007 is a vulnerability in Philips Hue Bridge model 2.X that allows for remote code execution due to a heap-based buffer overflow during the commissioning phase.
What is the severity of CVE-2020-6007?
CVE-2020-6007 has a severity rating of 7.9 (high) based on the CVSS v3.0 scoring system.
How does CVE-2020-6007 affect Philips Hue Bridge?
CVE-2020-6007 affects Philips Hue Bridge model 2.X prior to and including version 1935144020.
How can CVE-2020-6007 be exploited?
CVE-2020-6007 can be exploited by an attacker sending a long ZCL string during the commissioning phase, triggering the heap-based buffer overflow and allowing for remote code execution.
Is there a fix for CVE-2020-6007?
Yes, Philips has released a firmware update that addresses the CVE-2020-6007 vulnerability. It is recommended to update the firmware to the latest version.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/philips
- canonical/philips hue bridge v2 firmware
- version/philips hue bridge v2 firmware/1935144020
- canonical/philips hue bridge v2