During the initial setup of the device, the user connects to an access
point broadcast by the Sight Bulb Pro. During the negotiation, AES
encryption keys are passed in cleartext. If captured, an attacker may be
able to decrypt communications between the management app and the Sight
Bulb Pro, which may include sensitive information such as network
credentials.
History
Fri, 27 Jun 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Fri, 27 Jun 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | During the initial setup of the device, the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro, which may include sensitive information such as network credentials. | |
Title | TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm | |
Weaknesses | CWE-327 | |
References | | |
Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: icscert
Published: 2025-06-27T17:06:55.087Z
Updated: 2025-06-27T17:29:48.416Z
Reserved: 2025-06-23T13:37:59.789Z
Link: CVE-2025-6521

Updated: 2025-06-27T17:29:33.633Z

Status : Awaiting Analysis
Published: 2025-06-27T17:15:35.073
Modified: 2025-06-30T18:38:23.493
Link: CVE-2025-6521
