CVE-2021-33017 HIGH

CVE-2021-33017: Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel

Vendor Philips
Product IntelliBridge EC 40 Hub
Weakness CWE-288
Published December 27, 2021
Last update September 16, 2024

CVSS base score

8.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

Key dates

02Disclosure timeline

December 27, 2021 CVE published
September 16, 2024 Record updated