CVE-2024-9991

Published: Oct 25, 2024

Modified: Oct 25, 2024

PUBLISHED

Description

This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected.

Vendor	Product	Versions
Philips Lighting (Signify Innovations India)	Philips Smart Wi-Fi LED Batten 24-Watt	affected `<1.33.1`
Philips Lighting (Signify Innovations India)	Philips Smart Wi-Fi LED T Beamer 20-Watt	affected `<1.33.1`
Philips Lighting (Signify Innovations India)	Philips Smart Bulb 9,10,12-Watt	affected `<1.33.1`
Philips Lighting (Signify Innovations India)	Philips Smart T-Bulb 10,12-Watt	affected `<1.33.1`

Weaknesses (CWE)

CWE-312

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0329

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-9991

Description

Affected Products

Weaknesses (CWE)

References