Nanoleaf: community verdicts
2 notable / known-exploited Nanoleaf CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Nanoleaf CVE, see NVD ↗.
- CVE-2022-46640CRIT 9.8Real · low riskEPSS 2%
Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request.
- CVE-2022-47758CRIT 9.8Real · low riskEPSS 1%
Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.