CVE-2024-9991

Cleartext Storage of Sensitive Information Vulnerability in Philips Lighting Devices

Description

This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected.

Remediation

Solution:

Upgrade Philips Smart Wi-Fi LED Batten 24-Watt, LED T Beamer 20-Watt, Smart Bulb 9,10,12-Watt and Smart T-Bulb 10,12-Watt to version 1.33.1

References

Link	Tags
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0329	third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-9991?: CVE-2024-9991 has been scored as a high severity vulnerability.
How to fix CVE-2024-9991?: To fix CVE-2024-9991: Upgrade Philips Smart Wi-Fi LED Batten 24-Watt, LED T Beamer 20-Watt, Smart Bulb 9,10,12-Watt and Smart T-Bulb 10,12-Watt to version 1.33.1
Is CVE-2024-9991 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-9991 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9991?: CVE-2024-9991 affects Philips Lighting (Signify Innovations India) Philips Smart Wi-Fi LED Batten 24-Watt, Philips Lighting (Signify Innovations India) Philips Smart Wi-Fi LED T Beamer 20-Watt, Philips Lighting (Signify Innovations India) Philips Smart Bulb 9,10,12-Watt, Philips Lighting (Signify Innovations India) Philips Smart T-Bulb 10,12-Watt.

Description

Remediation

Category

CWE-312 – Cleartext Storage of Sensitive Information

References

Frequently Asked Questions