iot-sec23/IoT-CVE

Releases0

This repo includes the CVEs that discovered by our research group.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-34596 ↗	Jun 20, 2023Tuesday, 20 June 2023, 13:15	6.5 MEDIUM	—
A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
CVE-2023-34597 ↗	Jun 20, 2023Tuesday, 20 June 2023, 13:15	6.5 MEDIUM	—
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
CVE-2023-29779 ↗	Apr 25, 2023Tuesday, 25 April 2023, 14:15	7.5 HIGH	—
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.
CVE-2023-29780 ↗	Apr 24, 2023Monday, 24 April 2023, 19:15	7.5 HIGH	—
Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.
CVE-2023-24678 ↗	Mar 17, 2023Friday, 17 March 2023, 21:15	7.5 HIGH	—
A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message.
CVE-2022-47100 ↗	Jan 26, 2023Thursday, 26 January 2023, 21:18	7.5 HIGH	—
A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.