CVE-2018-7580

Philips Hue Denial of Service

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.

Philips Hue es vulnerable a un ataque de Denegación de Servicio. El envío de una inundación de SYN en el puerto tcp/80 congelará el concentrador de Philips Hue y dejará de responder. El "hub" dejará de funcionar y se congelará hasta que se detenga la inundación. Durante la inundación, el usuario no podrá encender y apagar las luces y todas las funciones del hub dejarán de responder. El servicio en la nube tampoco funcionará con el concentrador

Philips Hue hubs suffer from a denial of service vulnerability via simple SYN floods.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-03-01 CVE Reserved
2020-12-21 CVE Published
2020-12-26 First Exploit
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://packetstorm.news/files/id/160724	2020-12-26
http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html	2024-08-05
http://seclists.org/fulldisclosure/2020/Dec/51	2024-08-05
https://www.iliashn.com/CVE-2018-7580	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Philips Search vendor "Philips"	Hue Firmware Search vendor "Philips" for product "Hue Firmware"	*	-	Affected	in	Philips Search vendor "Philips"	Hue Search vendor "Philips" for product "Hue"	-	-	Safe