CVE-2022-39064

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS v3.0 8.1 HIGH

8.1^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/	Third Party Advisory
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ikea:tradfri_led1732g11_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ikea:tradfri_led1732g11:-:*:*:*:*:*:*:*

History

15 May 2025, 15:16

Type	Values Removed	Values Added
References	~~(MISC) https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/ - Third Party Advisory~~	() https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/ - Third Party Advisory

Information

Published : 2022-10-14 16:15

Updated : 2025-05-15 15:16

NVD link : CVE-2022-39064

Mitre link : CVE-2022-39064

JSON object : View

Products Affected

ikea

tradfri_led1732g11
tradfri_led1732g11_firmware

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/", "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/", "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\u00c5DFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TR\u00c5DFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-39064", "ASSIGNER": "disclosure@synopsys.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}}, "publishedDate": "2022-10-14T16:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ikea:tradfri_led1732g11_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ikea:tradfri_led1732g11:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-15T15:16Z"}