MidnightBSD

Advisories for osram

CVE-2016-5051 MEDIUM

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
osram lightify_home *
CVE-2016-5052 MEDIUM

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
osram lightify_home *
CVE-2016-5053 HIGH

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
osram lightify_home *
CVE-2016-5054 MEDIUM

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
osram lightify_home *
CVE-2016-5055 MEDIUM

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
osram lightify_pro *
CVE-2016-5056 MEDIUM

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
osram lightify_pro *
CVE-2016-5057 MEDIUM

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
osram lightify_pro *
CVE-2016-5058 MEDIUM

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
osram lightify_pro *
CVE-2016-5059 MEDIUM

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
osram lightify_pro *