Nanoleaf

nanoleaf

4 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Lightstrip Firmware

lightstrip_firmware

Nanoleaf Desktop

nanoleaf_desktop

Nanoleaf Firmware

nanoleaf_firmware

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-45955 1Nanoleaf 1Lightstrip Firmware Nov 21, 2024 Oct 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.
CVE-2023-42189 9Eve GoveeNanoleaf+6 more 9Eve Door And Window Firmware Hub2 FirmwareHue Bridge Firmware+6 more Nov 21, 2024 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030...Show more Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.Show less
CVE-2022-47758 1Nanoleaf 1Nanoleaf Firmware Jan 31, 2025 Apr 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.
CVE-2022-46640 1Nanoleaf 1Nanoleaf Desktop Feb 6, 2025 Apr 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request.