Researchers at the Synopsys Cybersecurity Research Center (CyRC) have discovered a vulnerability affecting availability in the IKEA TRÅDFRI smart lighting system. A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control.
The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected.
To recover from this attack, a user could manually power cycle the gateway. However, an attacker could reproduce the attack at any time.
CVE-2022-39065 is related to another availability vulnerability that was recently discovered in the IKEA TRÅDFRI smart lighting system (CVE-2022-39064). Read our latest blog post to learn more.