{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T14:19:37.900","vulnerabilities":[{"cve":{"id":"CVE-2022-39064","sourceIdentifier":"disclosure@synopsys.com","published":"2022-10-14T16:15:18.417","lastModified":"2025-05-15T15:16:00.897","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"lang":"es","value":"Un atacante enviando una sola trama malformada IEEE 802.15.4 (Zigbee) hace que la bombilla TRÅDFRI parpadee, y si reproduce (es decir, reenvía) la misma trama varias veces, la bombilla lleva a cabo un reinicio de fábrica. Esto causa que la bombilla pierda la información de configuración de la red Zigbee y el nivel de luminosidad actual. Después de este ataque, todas las luces son encendidas con el brillo máximo, y un usuario no puede controlar las bombillas ni con la app IKEA Home Smart ni con el mando a distancia TRÅDFRI. La trama Zigbee malformada es un mensaje de difusión no autenticado, lo que significa que todos los dispositivos vulnerables dentro del rango de radio están afectados. CVSS 3.1, Puntuación Base 7.1, Vector: CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@synopsys.com","type":"Secondary","description":[{"lang":"en","value":"CWE-241"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ikea:tradfri_led1732g11_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"EE26E91E-D3AB-471A-B3BB-0EB928F75B1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ikea:tradfri_led1732g11:-:*:*:*:*:*:*:*","matchCriteriaId":"5A875365-811A-41E2-8A25-63BF0E4A31B2"}]}]}],"references":[{"url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/","source":"disclosure@synopsys.com","tags":["Third Party Advisory"]},{"url":"https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}