Security researchers taking a closer look at Philips Hue smart bulbs and the bridge device that connects them discovered a vulnerability that helped them compromise more valuable systems on the local network.
Tracked as CVE-2020-6007, the bug has a severity score of 7.9 out of 10. It is a heap buffer overflow that can be exploited remotely in Philips Hue Bridge model 2.x to execute arbitrary code. Affected firmware versions are up to 1935144020, released on January 13.
According to the researchers, an attacker can jump to other systems on the network using known exploits, such as the infamous EternalBlue. At this point, the threat actor can deploy whatever type of malware they want on the network (backdoor, spyware, info-stealer, cryptocurrency miner, ransomware).
In the latest research, experts have revealed vulnerabilities affecting Philips Hue Smart Light Bulbs that can be exploited over-the-air from over 100 meters away to gain entry into a targeted WiFi network https://t.co/zyi3lCmXzS #cwcshosting #technews
— CWCS Managed Hosting (@CWCS_Hosting) February 5, 2020