How severe is CVE-2022-39064?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-39064?

This is classified as CWE-241, which is a common weakness in software security.

CVE-2022-39064 - HIGH Severity | CVSS 8.1

Vulnerability Description

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Related Vulnerabilities

CVE-2022-29181

HIGH

CVSS:8.2(High)

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted input...

CWE-2412022

CVE-2021-39131

HIGH

CVSS:7.5(High)

ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1...

CWE-2412021

CVE-2021-40116

HIGH

CVSS:7.5(High)

Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulne...

CWE-2412021

CVE-2022-1642

HIGH

CVSS:7.5(High)

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability ...

CWE-2412022

CVE-2022-20730

HIGH

CVSS:7.5(High)

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed....

CWE-2412022

CVE-2022-24668

HIGH

CVSS:7.5(High)

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.1...

CWE-2412022