216.73.216.75

CVE-2026-33268

· Published 25/03/2026 15:16 · Modified 25/03/2026 16:16

Labels: CVE-2026-33268 2026-03-259119a7d8-5eab-497f-8521-727c672e3725CVE-2026-33268CWE-400

Essential information

Published
25/03/2026 15:16
Modified
25/03/2026 16:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
nanoleaf / nanoleaf lines cpe:2.3:a:nanoleaf:nanoleaf_lines:12.3.2:*:*:*:*:*:*:*
nanoleaf / nanoleaf lines cpe:2.3:a:nanoleaf:nanoleaf_lines:12.3.6:*:*:*:*:*:*:*

References