CVE-2019-18980

HIGH

Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb - Info ...

Title source: llm

Description

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.

References (1)

[Exploit, Third Party Advisory] https://blog.dammitly.net/2019/10/cheap-hackable-wifi-light-bulbs-or-iot.html

Scores

CVSS v3 7.5

EPSS 0.0011

EPSS Percentile 29.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-306 CWE-311

Status published

Products (1)

philips/taolight_smart_wi-fi_wiz_connected_led_bulb_9290022656_firmware

Published Nov 14, 2019

Tracked Since Feb 18, 2026