ICSA-25-177-02  ·  Published 2025-06-26

TrendMakers Sight Bulb Pro

CVSS 7.6 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to capture sensitive information and execute arbitrary shell commands on the target device as root if connected to the local network segment.

Remediations

  • TrendMakers did not respond to CISA's request for coordination. Please contact TrendMakers for more information.
  • CISA recommends that device users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
      • The encryption key is sent in the clear only during the initial device setup when the Sight Bulb Pro acts as an access point. Take appropriate physical security measures to minimize the risk of remote network captures or monitoring.
      • Utilize network monitoring or signature-based detection to monitor for malicious activity.

Affected Vendors

TrendMakers

Affected Products (1)

TrendMakers · Sight Bulb Pro Firmware ZJ_CG32-2201 <=8.57.83

Affected Sectors

Commercial Facilities
