Home > Vulnerability Database > CVE-2023-42189

Mend.io Vulnerability Database

CVE-2023-42189

Date: October 9, 2023

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

Language: C++

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42189

Url: https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf

Url: https://github.com/project-chip/connectedhomeip/issues/28518

Url: https://github.com/project-chip/connectedhomeip/issues/28679

Url: https://www.mend.io/vulnerability-database/CVE-2023-42189

Severity Score

7.5

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-42189

Date: October 9, 2023

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?