CVE-2020-6007
Published: 2020-01-23
Priority P339 · high · 7.9 (CVSS 3.1)
AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 2.11% (79.5th percentile)
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| philips | hue_bridge_v2_firmware | <= 1935144020 | — |
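CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.9 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:A/AC:H/Au:N/C:P/I:P/A:P |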
No detection rules found.
No public exploits indexed.
Checkpoint
Don’t be silly – it’s only a lightbulb
blogs_checkpoint·2020-08-07
## Don’t be silly – it’s only a lightbulb
Research by: Eyal Itkin
## Background
Everyone is familiar with the concept of IoT, the Internet of Things, but how many have heard of smart ligh
Checkpoint
Safe-Linking – Eliminating a 20 year-old malloc() exploit primitive
blogs_checkpoint·2020-05-21
## Safe-Linking – Eliminating a 20 year-old malloc() exploit primitive
Research by: Eyal Itkin
## Overview
One of our goals for every research project we work on in Check Point Research i
Trendmicro
ZDI Bug Hunters Rake in $1.5 M
blogs_trendmicro·2020-02-07
# ZDI Bug Hunters Rake in $1.5 M
Read about Trend Micro Zero Day Initiative’s $1.5 million in awards and other noteworthy milestones in 2019. Also, learn about a crafty malware that makes you retype your passwords to steal them for credit card information and other personal data.
By: Jon Clay
2020/02/07
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro Zero Day Initiative’s $1.5 million in awards and other noteworthy milestones in 2019. Also, learn about a crafty malware that makes you retype your passwords so it can steal them for credit card information and other personal data.
Read on:
#### Four Reasons Your C
Published: 2020-01-23