VYPR

Hue Bridge

by Philips

CVEs (10)

  • CVE-2026-3562HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.00

    Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3560HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.00

    Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to…

  • CVE-2026-3556HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.01

    Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3559HigMar 16, 2026
    risk 0.53cvss 8.1epss 0.00

    Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3558HigMar 16, 2026
    risk 0.53cvss 8.1epss 0.00

    Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3561HigMar 16, 2026
    risk 0.52cvss 8.0epss 0.01

    Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to…

  • CVE-2026-3557HigMar 16, 2026
    risk 0.52cvss 8.0epss 0.01

    Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is…

  • CVE-2026-3555HigMar 16, 2026
    risk 0.52cvss 8.0epss 0.00

    Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to…

  • CVE-2020-6007HigJan 23, 2020
    risk 0.52cvss 7.9epss 0.02

    Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

  • CVE-2017-14797HigOct 1, 2017
    risk 0.49cvss 7.5epss 0.00

    Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to…