Contiki OS

Notified:  September 01, 2014 Updated: October 27, 2014

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

lwIP

Notified:  August 14, 2014 Updated: October 21, 2014

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics

Notified:  September 09, 2014 Updated: August 27, 2015

Statement Date:   August 26, 2015

Status

  Affected

Vendor Statement

The CERT/CC reached out to Philips Electronics after originally discovering the vulnerability in the Philips Hue product, which utilizes lwIP for its TCP/IP stack. Philips provided the following response: "This issue has been investigated. Application-layer authentication prevents exploitation affecting confidentiality or integrity of Hue communication, data, firmware updates, etc. Hue Bridge software update 01018228 that fixes this issue is available since December 2014. Users can upgrade via the Hue app."

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www2.meethue.com/en-us/ http://www.usa.philips.com/

Thingsquare

Notified:  September 11, 2014 Updated: October 27, 2014

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.