CVE-2022-39064— IKEA TRÅDFRI smart lighting 安全漏洞

N/A

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

N/A

非预期数据类型处理不恰当

IKEA TRÅDFRI smart lighting 安全漏洞

IKEA TRÅDFRI smart lighting是荷兰宜家家居（IKEA）公司的一系列智能照明设备。 IKEA TRÅDFRI smart lighting system存在安全漏洞，攻击者利用该漏洞可以发送单个格式错误的 IEEE 802.15.4 (Zigbee) 帧会使 TRÅDFRI 灯泡闪烁，如果他们多次重放同一帧，灯泡会执行出厂重置，这会导致灯泡丢失有关 Zigbee 网络和当前亮度级别的配置信息。

N/A

N/A