CVE-2023-29779
HIGH
Sengled E1e-g7f Firmware - Resource Allocation Without Limits
Title source: ruleDescription
Sengled Dimmer Switch V0.0.9 contains a denial of service (DoS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious 'Set_short_poll_interval' command, the device will keep reporting its status and finally drain its battery.
References (2)
Core References
Exploit, Third Party Advisory
https://github.com/iot-sec23/IoT-CVE/blob/main/Sengled%20Dimmer%20Switch%20Vulnerability%20Report.pdf
Vendor Advisory
https://us.sengled.com/
Scores
CVSS v3
7.5
EPSS
0.0060
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (1)
sengled/e1e-g7f_firmware
0.0.9
Published
Apr 25, 2023
Tracked Since
Feb 18, 2026