CVE-2025-56562
HIGHSignify Wiz Connected 1.9.1 - Unauthenticated Denial of Service via MAC Address
Title source: llmDescription
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.
References (4)
Core 4
Core References
Product
http://signify.com
Not Applicable
http://wiz.com
Broken Link
https://api.wiz.world/api/v2/light
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
30.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (1)
signify/wiz_connected
1.9.1
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026