Find a vulnerability
Search criteria
5 vulnerabilities by wizconnected
VAR-202104-0016
Vulnerability from variot - Updated: 2025-01-30 21:41An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.). No detailed vulnerability details are currently provided. The Lightbulb by default transmits privacy sensitive info to the cloud system.
[Reference] N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Willem Westerhof, Wouter Wessels, Jim Blankendaal, Jasper Nota from Qbit in assignment of the Consumentenbond. Use CVE-2020-11922
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "a60 colors",
"scope": "eq",
"trust": 1.0,
"vendor": "wizconnected",
"version": "1.14.0"
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": null
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": "wiz colors a60 firmware 1.14.0"
},
{
"model": "connected wiz colors a60",
"scope": "eq",
"trust": 0.6,
"vendor": "wiz",
"version": "1.14.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11922",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-11922",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-29834",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11922",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-11922",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11922",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11922",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-29834",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-098",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11922",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.). No detailed vulnerability details are currently provided. The Lightbulb by default transmits privacy sensitive info to the cloud system. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWillem Westerhof, Wouter Wessels, Jim Blankendaal, Jasper Nota from Qbit in assignment of the Consumentenbond. \nUse CVE-2020-11922",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "PACKETSTORM",
"id": "179801"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11922",
"trust": 4.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-29834",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-11922",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179801",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "PACKETSTORM",
"id": "179801"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"id": "VAR-202104-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"home \u0026 office device"
],
"sub_category": "bulb",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
}
]
},
"last_update_date": "2025-01-30T21:41:40.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Smart\u00a0lighting\u00a0for\u00a0your\u00a0daily\u00a0living",
"trust": 0.8,
"url": "https://www.wizconnected.com/en/consumer/"
},
{
"title": "Patch for WiZ Connected WiZ Colors A60 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/259941"
},
{
"title": "WiZ Connected WiZ Colors A60 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147290"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/201.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11922"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "PACKETSTORM",
"id": "179801"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"db": "PACKETSTORM",
"id": "179801"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
},
{
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"date": "2021-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179801"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-098"
},
{
"date": "2021-04-02T16:15:13.507000",
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"date": "2021-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11922"
},
{
"date": "2021-12-09T08:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-016466"
},
{
"date": "2022-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-098"
},
{
"date": "2024-11-21T04:58:54.733000",
"db": "NVD",
"id": "CVE-2020-11922"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiZ Connected WiZ Colors A60 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29834"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-098"
}
],
"trust": 0.6
}
}
VAR-202104-0018
Vulnerability from variot - Updated: 2025-01-30 21:17An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. WiZ Colors A60 Contains a vulnerability in the plaintext storage of important information.Information may be obtained.
[Additional Information] Wi-Fi credentials are stored in plain-text on the light bulb. These credentials can be obtained by reading the flash memory directly using a logic analyzer.
[VulnerabilityType Other] Information disclosure
[Vendor of Product] WiZ Connected
[Affected Product Code Base] WiZ Colors A60 - 1.14.0
[Affected Component] WiZ Colors A60
[Attack Type] Physical
[Impact Information Disclosure] true
[Attack Vectors] Physical, access to the chip is required.
[Reference] N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Jasper Nota, Willem Westerhof, Wouter Wessels, Jim Blankendaal from Qbit in assignment of the Consumentenbond. Use CVE-2020-11924
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "colors a60",
"scope": "eq",
"trust": 1.0,
"vendor": "wizconnected",
"version": "1.14.0"
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": "wiz colors a60 firmware 1.14.0"
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11924",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-11924",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-11924",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11924",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11924",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-083",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11924",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
},
{
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. WiZ Colors A60 Contains a vulnerability in the plaintext storage of important information.Information may be obtained. \n\n------------------------------------------\n\n[Additional Information]\nWi-Fi credentials are stored in plain-text on the light bulb. These\ncredentials can be obtained by reading the flash memory directly using\na logic analyzer. \n\n------------------------------------------\n\n[VulnerabilityType Other]\nInformation disclosure\n\n------------------------------------------\n\n[Vendor of Product]\nWiZ Connected\n\n------------------------------------------\n\n[Affected Product Code Base]\nWiZ Colors A60 - 1.14.0\n\n------------------------------------------\n\n[Affected Component]\nWiZ Colors A60\n\n------------------------------------------\n\n[Attack Type]\nPhysical\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nPhysical, access to the chip is required. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nJasper Nota, Willem Westerhof, Wouter Wessels, Jim Blankendaal from Qbit in assignment of the Consumentenbond. \nUse CVE-2020-11924",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"db": "PACKETSTORM",
"id": "179803"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11924",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016453",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-083",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11924",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179803",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "PACKETSTORM",
"id": "179803"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
},
{
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"id": "VAR-202104-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T21:17:32.130000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wizconnected.com/en/"
},
{
"title": "WiZ Colors A60 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146625"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11924"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "PACKETSTORM",
"id": "179803"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
},
{
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"db": "PACKETSTORM",
"id": "179803"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
},
{
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"date": "2021-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179803"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-083"
},
{
"date": "2021-04-02T19:15:18.663000",
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11924"
},
{
"date": "2021-12-08T02:32:00",
"db": "JVNDB",
"id": "JVNDB-2020-016453"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-083"
},
{
"date": "2024-11-21T04:58:55.033000",
"db": "NVD",
"id": "CVE-2020-11924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiZ\u00a0Colors\u00a0A60\u00a0 Vulnerability of important information in plaintext",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016453"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-083"
}
],
"trust": 0.6
}
}
VAR-202104-0017
Vulnerability from variot - Updated: 2025-01-30 20:29An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. WiZ Colors A60 Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Applications use general logs to reflect all kind of information to the terminal. The WIZ application does also use logs, however instead of only generic information also API credentials are submitted to the android log. The information that is reflected in the logging can be used to perform authorised requests in behalf of the user and therefore controlling the lights just as the user can do using the application. In order to obtain the information access to the device logs is required. This can most easily be done via local access and also by other apps on rooted devices.
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] WiZ Connected
[Affected Product Code Base] WiZ Colors A60 - 1.14.0
[Affected Component] Wiz Android Application 1.15.0
[Attack Type] Physical
[Impact Information Disclosure] true
[Attack Vectors] Physical access or local root access on the mobile phone is required in order to exploit this issue.
[Reference] N/A
[Has vendor confirmed or acknowledged the vulnerability?] true
[Discoverer] Wouter Wessels, Willem Westerhof, Jasper Nota, Jim Blankendaal Use CVE-2020-11923
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wiz",
"scope": "eq",
"trust": 1.0,
"vendor": "wizconnected",
"version": "1.14.0"
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": "wiz colors a60 firmware 1.14.0"
},
{
"model": "colors a60",
"scope": "eq",
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": null
},
{
"model": "colors a60",
"scope": null,
"trust": 0.8,
"vendor": "wiz connected lighting",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Willem Westerhof | Secura",
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.1
},
"cve": "CVE-2020-11923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11923",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-11923",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-11923",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11923",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11923",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11923",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
},
{
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. WiZ Colors A60 Contains a vulnerability in the plaintext storage of important information.Information may be obtained. \nApplications use general logs to reflect all kind of information to the\nterminal. The WIZ application does also use logs, however instead of\nonly generic information also API credentials are submitted to the\nandroid log. The information that is reflected in the logging can be\nused to perform authorised requests in behalf of the user and therefore\ncontrolling the lights just as the user can do using the application. \nIn order to obtain the information access to the device logs is\nrequired. This can most easily be done via local access and also by\nother apps on rooted devices. \n\n------------------------------------------\n\n[Vulnerability Type]\nIncorrect Access Control\n\n------------------------------------------\n\n[Vendor of Product]\nWiZ Connected\n\n------------------------------------------\n\n[Affected Product Code Base]\nWiZ Colors A60 - 1.14.0\n\n------------------------------------------\n\n[Affected Component]\nWiz Android Application 1.15.0\n\n------------------------------------------\n\n[Attack Type]\nPhysical\n\n------------------------------------------\n\n[Impact Information Disclosure]\ntrue\n\n------------------------------------------\n\n[Attack Vectors]\nPhysical access or local root access on the mobile phone is required in order to exploit this issue. \n\n------------------------------------------\n\n[Reference]\nN/A\n\n------------------------------------------\n\n[Has vendor confirmed or acknowledged the vulnerability?]\ntrue\n\n------------------------------------------\n\n[Discoverer]\nWouter Wessels, Willem Westerhof, Jasper Nota, Jim Blankendaal\nUse CVE-2020-11923",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"db": "PACKETSTORM",
"id": "179802"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11923",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016452",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11923",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179802",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "PACKETSTORM",
"id": "179802"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
},
{
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"id": "VAR-202104-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"last_update_date": "2025-01-30T20:29:02.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.wizconnected.com/en/"
},
{
"title": "WiZ Connected WiZ Colors A60 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146626"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11923"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/jul/14"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "PACKETSTORM",
"id": "179802"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
},
{
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"db": "PACKETSTORM",
"id": "179802"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
},
{
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-26T13:11:06",
"db": "OTHER",
"id": null
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"date": "2021-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"date": "2024-07-30T12:35:43",
"db": "PACKETSTORM",
"id": "179802"
},
{
"date": "2021-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-084"
},
{
"date": "2021-04-02T19:15:18.553000",
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11923"
},
{
"date": "2021-12-08T02:32:00",
"db": "JVNDB",
"id": "JVNDB-2020-016452"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-084"
},
{
"date": "2024-11-21T04:58:54.883000",
"db": "NVD",
"id": "CVE-2020-11923"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "179802"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiZ\u00a0Colors\u00a0A60\u00a0 Vulnerability of important information in plaintext",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016452"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-084"
}
],
"trust": 0.6
}
}
CVE-2020-11923 (GCVE-0-2020-11923)
Vulnerability from nvd – Published: 2021-04-02 18:08 – Updated: 2024-08-04 11:42- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:07:47.377Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11923",
"datePublished": "2021-04-02T18:08:57.000Z",
"dateReserved": "2020-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11923 (GCVE-0-2020-11923)
Vulnerability from cvelistv5 – Published: 2021-04-02 18:08 – Updated: 2024-08-04 11:42- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T00:07:47.377Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-wiz-smart-lightbulbs/"
},
{
"name": "20240729 Bunch of IoT CVEs",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11923",
"datePublished": "2021-04-02T18:08:57.000Z",
"dateReserved": "2020-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}