Philips Hue Bridge V2 Firmware vulnerabilities
9 known vulnerabilities affecting philips/hue_bridge_v2_firmware.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 9
Vulnerabilities
CVE-2026-3556 | P2 | HIGH | CVSS 8.8 | CWE-122 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the hk_hap_pair_storage_put fu
Source: NVD
CVE-2026-3560 | P2 | HIGH | CVSS 8.8 | CWE-122 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the hk_hap_pair_st
Source: NVD
CVE-2026-3562 | P3 | HIGH | CVSS 8.8 | CWE-347 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ed25519_sign_open function. The is
Source: NVD
CVE-2026-3558 | P3 | HIGH | CVSS 8.1 | CWE-306 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the Ho
Source: NVD
CVE-2026-3557 | P3 | HIGH | CVSS 8.0 | CWE-122 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism
Source: NVD
CVE-2026-3561 | P3 | HIGH | CVSS 8.0 | CWE-122 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Source: NVD
CVE-2026-3559 | P3 | HIGH | CVSS 8.1 | CWE-323 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the SRP authenti
Source: NVD
CVE-2026-3555 | P3 | HIGH | CVSS 8.0 | CWE-122 | fixed in 1975170000 | 2026-03-16
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing
Source: NVD
CVE-2020-6007 | P3 | HIGH | CVSS 7.9 | CWE-122 | ≤ 1935144020 | 2020-01-23
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
Source: NVD