Level 36
Security researchers taking a closer look at the Philips Hue smart bulbs and the bridge device that connects them discovered a vulnerability that helped them compromise more meaningful systems on the local network.

The security flaw was discovered in the ZigBee wireless communication protocol that is used by a wide range of smart home devices.

From bulb to bridge to network

Tracked as CVE-2020-6007, the bug has a severity score of 7.9 out of 10. It is a heap buffer overflow that can be exploited remotely in Philips Hue Bridge model 2.x to execute arbitrary code. Affected firmware versions are up to 1935144020, released on January 13.


Level 42
Content Creator
Malware Hunter

Very interesting IMO as the market for this type of IoT (Internet of Things) device is huge.
Could attackers somehow bridge the gap between the physical IoT network (the lightbulbs) and attack even more appealing targets, such as the computer network in our homes, offices or even our smart city? And the answer is: Yes.