CVE-2017-14797

CVE-2017-14797

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.

Source: CVE-2017-14797

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다