Search
Find a vulnerability
Search criteria
23 vulnerabilities by osram
VAR-201704-0134
Vulnerability from variot - Updated: 2025-04-20 22:50OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Pro Contains an access control vulnerability.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Pro is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. An attacker could use this vulnerability to obtain and re-execute used commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lightify pro",
"scope": "lte",
"trust": 1.0,
"vendor": "osram",
"version": null
},
{
"model": "lightify pro",
"scope": "lte",
"trust": 0.8,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "sylvania osram lightify home",
"scope": "lt",
"trust": 0.6,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify pro",
"scope": "eq",
"trust": 0.6,
"vendor": "osram",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osram:lightify_pro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
}
]
},
"cve": "CVE-2016-5058",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5058",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12295",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5058",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5058",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5058",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-512",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Pro Contains an access control vulnerability.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Pro is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. \nThere are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. An attacker could use this vulnerability to obtain and re-execute used commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5058"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5058",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-12295",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"id": "VAR-201704-0134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"home \u0026 office device"
],
"sub_category": "lighting device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
}
]
},
"last_update_date": "2025-04-20T22:50:54.469000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LIGHTIFY Pro",
"trust": 0.8,
"url": "https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/lightify-pro---intelligent%2c-connected-light-for-professional-applications/index.jsp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5058"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5058"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"date": "2017-04-10T03:59:01.497000",
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008319"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-512"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Pro Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008319"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-512"
}
],
"trust": 0.6
}
}
VAR-201704-0130
Vulnerability from variot - Updated: 2025-04-20 22:50OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Home Contains an access control vulnerability.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Home 2016-07-26 and previous versions. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lightify home",
"scope": "lte",
"trust": 1.0,
"vendor": "osram",
"version": "1.6.1"
},
{
"model": "lightify home",
"scope": "lte",
"trust": 0.8,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "sylvania osram lightify home",
"scope": "lt",
"trust": 0.6,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.6,
"vendor": "osram",
"version": "1.6.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osram:lightify_home",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
}
]
},
"cve": "CVE-2016-5054",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5054",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12296",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5054",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5054",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5054",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-516",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Home Contains an access control vulnerability.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. \nThere are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Home 2016-07-26 and previous versions. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5054"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5054",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-12296",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"id": "VAR-201704-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"home \u0026 office device"
],
"sub_category": "lighting device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
}
]
},
"last_update_date": "2025-04-20T22:50:54.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LIGHTIFY - smart connected light",
"trust": 0.8,
"url": "https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5054"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5054"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"date": "2017-04-10T03:59:01.390000",
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008315"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-516"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5054"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008315"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-516"
}
],
"trust": 0.6
}
}
VAR-201704-0127
Vulnerability from variot - Updated: 2025-04-20 20:57OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. OSRAM SYLVANIA Osram Lightify Home Contains an information disclosure vulnerability.Information may be obtained. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services.
There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26 have security vulnerabilities, which originated from the program storing the PSK in the / private / var / mobile / Containers / Data / Application directory in clear text. An attacker could use this vulnerability to extract data from a file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sylvania osram lightify home",
"scope": "lt",
"trust": 3.0,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "lte",
"trust": 1.0,
"vendor": "osram",
"version": "1.6.1"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.8,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.6,
"vendor": "osram",
"version": "1.6.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osram:lightify_home",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
}
]
},
"cve": "CVE-2016-5051",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5051",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12296",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12297",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12295",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12299",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12298",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5051",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5051",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5051",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-12297",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-12295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-12299",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-12298",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-519",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. OSRAM SYLVANIA Osram Lightify Home Contains an information disclosure vulnerability.Information may be obtained. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services. \r\n\r\n\r\nThere are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. \nOSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26 have security vulnerabilities, which originated from the program storing the PSK in the / private / var / mobile / Containers / Data / Application directory in clear text. An attacker could use this vulnerability to extract data from a file",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5051"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5051",
"trust": 5.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-12296",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12297",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12295",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12299",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12298",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"id": "VAR-201704-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
}
],
"trust": 4.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 3.0
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
}
]
},
"last_update_date": "2025-04-20T20:57:53.302000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LIGHTIFY - smart connected light",
"trust": 0.8,
"url": "https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/"
},
{
"title": "OSRAM SYLVANIA Osram Lightify Home Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70159"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.4,
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5051"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5051"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"date": "2017-04-10T03:59:01.297000",
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 0.6
}
}
VAR-201704-0128
Vulnerability from variot - Updated: 2025-04-20 20:16OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. OSRAM SYLVANIA Osram Lightify Home Contains vulnerabilities related to security features.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. Attackers can use this vulnerability to perform man-in-the-middle attacks to obtain SSL encrypted traffic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lightify home",
"scope": "lte",
"trust": 1.0,
"vendor": "osram",
"version": "1.6.1"
},
{
"model": "lightify home",
"scope": "lte",
"trust": 0.8,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "sylvania osram lightify home",
"scope": "lt",
"trust": 0.6,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.6,
"vendor": "osram",
"version": "1.6.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osram:lightify_home",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
}
]
},
"cve": "CVE-2016-5052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5052",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12298",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5052",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5052",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5052",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12298",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-518",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. OSRAM SYLVANIA Osram Lightify Home Contains vulnerabilities related to security features.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. Attackers can use this vulnerability to perform man-in-the-middle attacks to obtain SSL encrypted traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5052"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5052",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-12298",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"id": "VAR-201704-0128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
}
]
},
"last_update_date": "2025-04-20T20:16:10.984000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LIGHTIFY - smart connected light",
"trust": 0.8,
"url": "https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5052"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5052"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"date": "2017-04-10T03:59:01.343000",
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008313"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-518"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008313"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-518"
}
],
"trust": 0.6
}
}
VAR-201704-0129
Vulnerability from variot - Updated: 2025-04-20 20:00OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. OSRAM SYLVANIA Osram Lightify Home has a security vulnerability in versions prior to 2016-07-26
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lightify home",
"scope": "lte",
"trust": 1.0,
"vendor": "osram",
"version": "1.6.1"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.8,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "sylvania osram lightify home",
"scope": "lt",
"trust": 0.6,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.6,
"vendor": "osram",
"version": "1.6.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osram:lightify_home",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
}
]
},
"cve": "CVE-2016-5053",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5053",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12297",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5053",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5053",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5053",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-12297",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-517",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5053",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "VULMON",
"id": "CVE-2016-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. \nOSRAM SYLVANIA Osram Lightify Home has a security vulnerability in versions prior to 2016-07-26",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"db": "VULMON",
"id": "CVE-2016-5053"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5053",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-12297",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-5053",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "VULMON",
"id": "CVE-2016-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"id": "VAR-201704-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
}
]
},
"last_update_date": "2025-04-20T20:00:26.705000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LIGHTIFY - smart connected light",
"trust": 0.8,
"url": "https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/"
},
{
"title": "OSRAM SYLVANIA Osram Lightify Home Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70158"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5053"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5053"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "VULMON",
"id": "CVE-2016-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "VULMON",
"id": "CVE-2016-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5053"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"date": "2017-04-10T03:59:01.357000",
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5053"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008314"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-517"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5053"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008314"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-517"
}
],
"trust": 0.6
}
}
CVE-2016-5059 (GCVE-0-2016-5059)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.
Severity
No CVSS data available.
CWE
- Cached Screenshot Information Leak
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cached Screenshot Information Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cached Screenshot Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5059",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5058 (GCVE-0-2016-5058)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.
Severity
No CVSS data available.
CWE
- ZigBee Network Command Replay
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ZigBee Network Command Replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ZigBee Network Command Replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5058",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5057 (GCVE-0-2016-5057)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.
Severity
No CVSS data available.
CWE
- Lack of SSL Pinning
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of SSL Pinning",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of SSL Pinning"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5057",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5056 (GCVE-0-2016-5056)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
Severity
No CVSS data available.
CWE
- Weak Default WPA2 PSKs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Default WPA2 PSKs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Default WPA2 PSKs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5056",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5055 (GCVE-0-2016-5055)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5055",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5054 (GCVE-0-2016-5054)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.
Severity
No CVSS data available.
CWE
- ZigBee Network Command Replay
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ZigBee Network Command Replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ZigBee Network Command Replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5054",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5053 (GCVE-0-2016-5053)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
Severity
No CVSS data available.
CWE
- Pre-Authentication Command Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pre-Authentication Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pre-Authentication Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5053",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5052 (GCVE-0-2016-5052)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.
Severity
No CVSS data available.
CWE
- Lack of SSL Pinning
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of SSL Pinning",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of SSL Pinning"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5052",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5051 (GCVE-0-2016-5051)
Vulnerability from nvd – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.
Severity
No CVSS data available.
CWE
- Cleartext WPA2 PSK
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext WPA2 PSK",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext WPA2 PSK"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5051",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5058 (GCVE-0-2016-5058)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.
Severity
No CVSS data available.
CWE
- ZigBee Network Command Replay
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ZigBee Network Command Replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ZigBee Network Command Replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5058",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5054 (GCVE-0-2016-5054)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.
Severity
No CVSS data available.
CWE
- ZigBee Network Command Replay
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ZigBee Network Command Replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ZigBee Network Command Replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5054",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5056 (GCVE-0-2016-5056)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.
Severity
No CVSS data available.
CWE
- Weak Default WPA2 PSKs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Weak Default WPA2 PSKs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weak Default WPA2 PSKs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5056",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5051 (GCVE-0-2016-5051)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.
Severity
No CVSS data available.
CWE
- Cleartext WPA2 PSK
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext WPA2 PSK",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext WPA2 PSK"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5051",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5053 (GCVE-0-2016-5053)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
Severity
No CVSS data available.
CWE
- Pre-Authentication Command Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pre-Authentication Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pre-Authentication Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5053",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5057 (GCVE-0-2016-5057)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.
Severity
No CVSS data available.
CWE
- Lack of SSL Pinning
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of SSL Pinning",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of SSL Pinning"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5057",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5052 (GCVE-0-2016-5052)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.
Severity
No CVSS data available.
CWE
- Lack of SSL Pinning
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of SSL Pinning",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of SSL Pinning"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5052",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5055 (GCVE-0-2016-5055)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5055",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5059 (GCVE-0-2016-5059)
Vulnerability from cvelistv5 – Published: 2017-04-10 03:00 – Updated: 2024-08-06 00:46
VLAI
Summary
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.
Severity
No CVSS data available.
CWE
- Cached Screenshot Information Leak
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 |
Affected:
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26
|
Date Public
2017-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
],
"datePublic": "2017-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cached Screenshot Information Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T02:57:02.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26",
"version": {
"version_data": [
{
"version_value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cached Screenshot Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5059",
"datePublished": "2017-04-10T03:00:00.000Z",
"dateReserved": "2016-05-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}