Skip to main content

Hue Bridge CVE-2026-3555

| EUVDEUVD-2026-12156 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-03-13 zdi
8.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 27, 2026 - 14:52 vuln.today
cvss_changed
EUVD ID Assigned
Mar 13, 2026 - 21:01 euvd
EUVD-2026-12156
Analysis Generated
Mar 13, 2026 - 21:01 vuln.today
CVE Published
Mar 13, 2026 - 20:36 nvd
HIGH 8.0

DescriptionCVE.org

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process.

The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. The issue results from the lack of proper validation of the size of data prior to copying it to a fixed-size heap buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28276.

AnalysisAI

Heap-based buffer overflow vulnerability in the Philips Hue Bridge's Zigbee stack that allows network-adjacent attackers to execute arbitrary code when users initiate device pairing. The vulnerability affects all versions of Philips Hue Bridge and has a CVSS score of 8.0, requiring physical proximity and user interaction to exploit. No EPSS data or KEV listing is available, suggesting this is not actively exploited in the wild.

Technical ContextAI

The vulnerability exists in the Zigbee ZCL (Zigbee Cluster Library) frame handling within the Model Info download functionality of the Philips Hue Bridge (CPE: cpe:2.3:a:philips:hue_bridge:*:*:*:*:*:*:*:*). This is a classic heap buffer overflow (CWE-122) where the application fails to validate the size of incoming data before copying it to a fixed-size heap buffer. Zigbee is a low-power wireless protocol commonly used in IoT devices, and the ZCL provides standard device behaviors and communication protocols. The flaw specifically manifests when processing custom Zigbee frames during the device pairing process.

RemediationAI

No specific patch information or version numbers are available in the provided references. The Zero Day Initiative advisory (https://www.zerodayinitiative.com/advisories/ZDI-26-153/) should be consulted for vendor response details. As an immediate mitigation: 1) Limit physical access to areas where Hue Bridge is deployed, 2) Only initiate device pairing when necessary and with trusted devices, 3) Monitor for unexpected pairing attempts, 4) Check Philips Hue support channels for firmware updates. Contact Philips/Signify support for patch availability.

Share

CVE-2026-3555 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy