VYPR
Vendor

Nanoleaf

Products
4
CVEs
5
Across products
5
Status
Private

Products

4

Recent CVEs

5
  • CVE-2022-47758CriApr 27, 2023
    risk 0.64cvss 9.8epss 0.01

    Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.

  • CVE-2022-46640CriApr 18, 2023
    risk 0.64cvss 9.8epss 0.02

    Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request.

  • CVE-2023-45955HigOct 31, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.

  • CVE-2023-42189HigOct 10, 2023
    risk 0.49cvss 7.5epss 0.01

    Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote…

  • CVE-2026-33268Mar 25, 2026
    risk 0.00cvss epss 0.00

    Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6.