CVE-2023-42189:

0.0 CVSS

Description

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

Classification

CVE ID: CVE-2023-42189

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.47% (probability of being exploited)

EPSS Percentile: 75.67% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/project-chip/connectedhomeip/issues/28518
https://github.com/project-chip/connectedhomeip/issues/28679
https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf

Timeline

2024-11-27 14:41:23 UTC
CVE