VYPR

WiFi Switch V1

by myStrom

CVEs (5)

  • CVE-2018-15477CriAug 30, 2018
    risk 0.64cvss 9.8epss 0.02

    myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.

  • CVE-2018-15480HigAug 30, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The cloud API had a hidden parameter, which…

  • CVE-2018-15478HigAug 30, 2018
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud…

  • CVE-2018-15476HigAug 30, 2018
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to…

  • CVE-2018-15479MedAug 30, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the…