CVE-2024-9991

EUVD-2024-50270

25.10.2024, 13:15

This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device.

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
signify_innovations_india	phillips_smart_wi-fi_led_batten_24-watt_firmware	𝑥 < 1.33.1	ADP
signify_innovations_india	phillips_smart_t-bulb_12-watt_firmware	𝑥 < 1.33.1	ADP
signify_innovations_india	phillips_smart_t-bulb_10-watt_firmware	𝑥 < 1.33.1	ADP
signify_innovations_india	phillips_smart_bulb_9-watt_firmware	𝑥 < 1.33.1	ADP
signify_innovations_india	phillips_smart_bulb_10-watt_firmware	𝑥 < 1.33.1	ADP
signify_innovations_india	phillips_smart_bulb_12-watt_firmware	𝑥 < 1.33.1	ADP
signify_innovations_india	phillips_smart_wi-fi_led_t_beamer_20-watt_firmware	𝑥 < 1.33.1	ADP

Common Weakness Enumeration

CWE-312 - Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0329