CVE-2026-33268

Published: Mar 25, 2026 Last Modified: Mar 25, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 6,5

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: low

Description

AI Translation Available

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6.

400

Uncontrolled Resource Consumption

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf…

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026…

https://support.nanoleaf.me/hc/en-us/articles/4526944598709…

https://support.nanoleaf.me/hc/en-us/articles/45269445987092-Products-Firmware-…

https://www.cve.org/CVERecord?id=CVE-2026-33268

CVE-2026-33268

Description

Uncontrolled Resource Consumption

Common Consequences

Applicable Platforms

Iscriviti alla newsletter