CVE-2023-42189 (eve_door_and_window_firmware, hub2_firmware, hue_hub_firmware, led_strip_firmware, lightstrip_firmware, mini_smart_wi-fi_plug_firmware, smart_bulb_firmware, smart_lamp_firmware, smart_plug_firmware)

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

1.0.0 1.1.0 alliance attacker connectivity cve denial of service function hue insecure lamp led matter official permissions phillips hue script sdk service smart standards vulnerability