VAR-201704-0127
Vulnerability from variot - Updated: 2025-04-20 20:57OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. OSRAM SYLVANIA Osram Lightify Home Contains an information disclosure vulnerability.Information may be obtained. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services.
There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26 have security vulnerabilities, which originated from the program storing the PSK in the / private / var / mobile / Containers / Data / Application directory in clear text. An attacker could use this vulnerability to extract data from a file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sylvania osram lightify home",
"scope": "lt",
"trust": 3.0,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "lte",
"trust": 1.0,
"vendor": "osram",
"version": "1.6.1"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.8,
"vendor": "osram",
"version": "2016-07-26"
},
{
"model": "lightify home",
"scope": "eq",
"trust": 0.6,
"vendor": "osram",
"version": "1.6.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:osram:lightify_home",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
}
]
},
"cve": "CVE-2016-5051",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5051",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12296",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12297",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12295",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12299",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12298",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5051",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5051",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5051",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-12297",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-12295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-12299",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-12298",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-519",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. OSRAM SYLVANIA Osram Lightify Home Contains an information disclosure vulnerability.Information may be obtained. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services. \r\n\r\n\r\nThere are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company. \nOSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26 have security vulnerabilities, which originated from the program storing the PSK in the / private / var / mobile / Containers / Data / Application directory in clear text. An attacker could use this vulnerability to extract data from a file",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5051"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5051",
"trust": 5.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-12296",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12297",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12295",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12299",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-12298",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"id": "VAR-201704-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
}
],
"trust": 4.0
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 3.0
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
}
]
},
"last_update_date": "2025-04-20T20:57:53.302000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LIGHTIFY - smart connected light",
"trust": 0.8,
"url": "https://www.osram.com/osram_com/tools-and-services/tools/lightify---smart-connected-light/"
},
{
"title": "OSRAM SYLVANIA Osram Lightify Home Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70159"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.4,
"url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5051"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5051"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"date": "2017-04-10T03:59:01.297000",
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12296"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12297"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12295"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12298"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008312"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-519"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-5051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OSRAM SYLVANIA Osram Lightify Home Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12299"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-519"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…