CVE-2026-3559: CWE-323: Reusing a Nonce, Key Pair in Encryption in Philips Hue Bridge
CVE-2026-3559 is a high-severity vulnerability in the Philips Hue Bridge version 1.73.1973146020 that allows network-adjacent attackers to bypass authentication without any privileges. The flaw is due to the reuse of a static nonce in the SRP authentication mechanism of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. This static nonce enables attackers to circumvent authentication controls, potentially gaining unauthorized access to the device. There is no indication that a patch or official fix is currently available. Exploits in the wild have not been reported as of the publication date.
AI Analysis
Technical Summary
This vulnerability arises from improper use of a static nonce in the Secure Remote Password (SRP) authentication mechanism within the HomeKit Accessory Protocol on Philips Hue Bridge devices. The affected service listens on TCP port 8080 and does not require authentication to be exploited. By reusing the nonce, an attacker can bypass authentication, violating the intended security model. The issue is tracked as CWE-323 (Reusing a Nonce, Key Pair in Encryption). The CVSS v3.0 base score is 8.1, indicating a high impact with network attack vector, low attack complexity, no privileges required, and no user interaction needed. Confidentiality and integrity impacts are high, while availability is not affected.
Potential Impact
Successful exploitation allows an attacker within the network to bypass authentication on the Philips Hue Bridge device, potentially leading to unauthorized control or access to the device's functions and data. The vulnerability compromises confidentiality and integrity but does not impact availability. Since authentication is bypassed, attackers could manipulate device settings or intercept sensitive information handled by the bridge.
Mitigation Recommendations
No patch or official fix has been identified or linked by the vendor as of the publication date. Users should monitor Philips' official advisories for updates regarding remediation. Until a fix is available, limiting network exposure of the Philips Hue Bridge, such as restricting access to trusted networks and blocking TCP port 8080 from untrusted sources, can reduce risk. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-3559: CWE-323: Reusing a Nonce, Key Pair in Encryption in Philips Hue Bridge
Description
CVE-2026-3559 is a high-severity vulnerability in the Philips Hue Bridge version 1.73.1973146020 that allows network-adjacent attackers to bypass authentication without any privileges. The flaw is due to the reuse of a static nonce in the SRP authentication mechanism of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. This static nonce enables attackers to circumvent authentication controls, potentially gaining unauthorized access to the device. There is no indication that a patch or official fix is currently available. Exploits in the wild have not been reported as of the publication date.
CVSS v3.0
Score 8.1high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper use of a static nonce in the Secure Remote Password (SRP) authentication mechanism within the HomeKit Accessory Protocol on Philips Hue Bridge devices. The affected service listens on TCP port 8080 and does not require authentication to be exploited. By reusing the nonce, an attacker can bypass authentication, violating the intended security model. The issue is tracked as CWE-323 (Reusing a Nonce, Key Pair in Encryption). The CVSS v3.0 base score is 8.1, indicating a high impact with network attack vector, low attack complexity, no privileges required, and no user interaction needed. Confidentiality and integrity impacts are high, while availability is not affected.
Potential Impact
Successful exploitation allows an attacker within the network to bypass authentication on the Philips Hue Bridge device, potentially leading to unauthorized control or access to the device's functions and data. The vulnerability compromises confidentiality and integrity but does not impact availability. Since authentication is bypassed, attackers could manipulate device settings or intercept sensitive information handled by the bridge.
Mitigation Recommendations
No patch or official fix has been identified or linked by the vendor as of the publication date. Users should monitor Philips' official advisories for updates regarding remediation. Until a fix is available, limiting network exposure of the Philips Hue Bridge, such as restricting access to trusted networks and blocking TCP port 8080 from untrusted sources, can reduce risk. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- zdi
- Date Reserved
- 2026-03-04T19:42:45.880Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 69b47ac82f860ef943b21738
Added to database: 3/13/2026, 8:59:52 PM
Last enriched: 5/26/2026, 8:24:11 PM
Last updated: 6/12/2026, 12:18:53 PM
Views: 196
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.