Vulnerabilities > CVE-2022-39065 - Unspecified vulnerability in Ikea Tradfri Gateway E1526 Firmware 1.17.44

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

ikea

NVD

Published: 2022-10-14

Updated: 2022-10-18

Summary

A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerable Configurations

Part	Description	Count
OS	Ikea Ikea Tradfri Gateway E1526 Firmware - Ikea Tradfri Gateway E1526 Firmware 1.17.44	2
Hardware	Ikea Ikea Tradfri Gateway E1526 -	1

References

https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting-gateway/