Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-39065: CyRC Vulnerability Advisory: CVE-2022-39065 IKEA TRÅDFRI smart lighting gateway

A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE
#vulnerability#auth

Posted by on Wednesday, October 5, 2022

CVE-2022-39065 is a vulnerability affecting the IKEA TRÅDFRI smart lighting gateway.

Overview

Researchers at the Synopsys Cybersecurity Research Center (CyRC) have discovered a vulnerability affecting availability in the IKEA TRÅDFRI smart lighting system. A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control.

The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected.

To recover from this attack, a user could manually power cycle the gateway. However, an attacker could reproduce the attack at any time.

CVE-2022-39065 is related to another availability vulnerability that was recently discovered in the IKEA TRÅDFRI smart lighting system (CVE-2022-39064). Read our latest blog post to learn more.

Affected devices

IKEA Trådfri Gateway type E1526 version 1.17.44 and earlier

Impact

CVSS 3.1 base score: 6.5
CVSS 3.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Remediation

Upgrade the gateway software to version 1.19.26 or later.

Discovery credit

This vulnerability was discovered by CyRC researchers Kari Hulkko and Tuomo Untinen.

Timeline

  • June 17, 2021: Initial disclosure to Ikea
  • October 29, 2021: Ikea confirms a fix will be produced for the vulnerability
  • February 16, 2022: Ikea releases a fix for the vulnerability
  • October 5, 2022: Synopsys publishes advisory

About CVSS

FIRST.Org, Inc (FIRST) is a non-profit organization based out of US that owns and manages CVSS. It is not required to be a member of FIRST to utilize or implement CVSS but FIRST does require any individual or organization give appropriate attribution while using CVSS. FIRST also states that any individual or organization that publishes scores follow the guideline so that anyone can understand how the score was calculated.

Stay on top of the latest in application security

Subscribe to the blog

Related news

CVE-2022-39064: CyRC Vulnerability Advisory: CVE-2022-39064 IKEA TRÅDFRI smart lighting

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVE-2022-39064: CyRC Vulnerability Advisory: CVE-2022-39064 IKEA TRÅDFRI smart lighting

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Smart lights vulnerable to "blink and you'll miss it" attack

Categories: News Tags: smart light system Tags: light bulb Tags: IoT Tags: Internet of Things Tags: compromise Tags: CVE In 2022, even our light bulbs have CVEs (Read more...) The post Smart lights vulnerable to "blink and you'll miss it" attack appeared first on Malwarebytes Labs.

Smart lights vulnerable to "blink and you'll miss it" attack

Categories: News Tags: smart light system Tags: light bulb Tags: IoT Tags: Internet of Things Tags: compromise Tags: CVE In 2022, even our light bulbs have CVEs (Read more...) The post Smart lights vulnerable to "blink and you'll miss it" attack appeared first on Malwarebytes Labs.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907