This website uses first and third party cookies to personalise your experience, analyse web traffic data, and optimise performance. We never sell your data to third parties. Privacy Policy.
Reporting Product Security Issues
We attach great importance to security issues and welcome all security researchers to report potential security vulnerabilities to us to improve the security of our products and services.
Report Vulnerabilities
If you've discovered a security or privacy vulnerability, please reach out to us at [email protected].
Nanoleaf actively tries to identify and reduce potential vulnerabilities during the product's entire lifetime and in this effort, we value input on actual or potential vulnerabilities as that gives us a possibility to address these issues and protect connected product.
When reporting, please consider the following:
- Use the provided PGP key to encrypt your email submissions.
- Include a detailed technical description of the concern or vulnerability.
- Provide your contact information (such as phone number, email, and name) so we can reach out if necessary.
- Attach or include any additional information, such as tools used or configurations that led to discovering the issue.
- If you've shared vulnerability information with coordinators like ICS-CERT, CERT/CC, NCSC, or others, kindly inform us and provide their tracking number, if available.
- If you've identified specific threats, assessed the risk, or witnessed exploitation, please include this information encrypted with PGP.
After submitting your report, our Technical team will evaluate your case and stay in touch with updates on its progress. We endeavour to respond to security reports within 1-2 weeks.
For further information on our product support policy, visit this page.
Please use Nanoleaf's public PGP key to encrypt sensitive information you send to us by email:
Version: BCPG v1.63
mQSuBGO0nkMRDADvlb+d/4sgqmYHzhoO+AMFAIl58e9mzIo0p9LqQOTUmInIUnBcV4DkJQEflg+SRZIZGSkITvN+enwQr8UKvb4wxAR1HR0TxWwoO/WfJVUf1GS7RFPtLBzbJTDM6Yx9wuRyGy88I6jB22Z1j5x1nc2Dw3132qnLC7AGo80vnFA8m6aJCBNSjs/jZ/38/TZ8TPuuOwSrE8klwecDzoVdrnQZ6DH0CWUdCa0PpEWHcQc8PoN9isz76wyvJr2xcmuMFOIXzo059Wy/V2xiDK9LLS3jFDvs6uFCX957UlcPWgvTQTCKo3Fj518BnewSLwvXGDhG3TxfMS9fYV/uMJg3tYPzns/XAaCes4v1Lev+6V8boxXbjotnGlUnwYkEkuVCNzBzTOPILUIRAnBhjhaVDNOMDbfgWTlrURBUSmwx7t372slygdsIhzRmcImLu9BZqTQ5POHF9r8TcZYkFpICDpTr0JjemgrDIMt5E4wPQaFlKvY6QjS+Yu+aUOfBpnTN6KMBAPl7QA0pvBm4Nyt/u78LENTlEdYhJFW0IlureU/SrghDDACLMMg6a2LwCve7p5+LWjQyfO4xnxM3X9w8lIWny7rJprsp3UksQaItwiV1uNK8X/uhBYOMm3wxh7hUJ9bVgHSXq+JQl/8ayWXRV6jhu5hP5qSdvAeJSY7Q90oW6H+C/IZSpg2B4crPHIeWI5zfSuWMk1coCa8DE+rX5JHTgBFOdsjoAhLZ4pQsp8RiDCEXDHspNyXZxiIEwCG/5H/OBeAG9sgub7mEAOqgzAIprehAm0il8zBgRSr4MSsm6Xwi3f32v460LO5H8ECTZbfZXrH10BJ+m59ShNZyu5MMMmSwDRs0bvgIEhpAuVS5DWfRlAA/Pf0tNBj8zeKeeu0yFgcAYrMqErbzCDtt+bG/kI9cJPu5sl9AXj2Clks6D0Tpj+QxnoEy6fKpCeUNgyJKOD58zo6rg8CjjNynVXLadcMJeUJ0KzQLDbR5+FUmihqs5WrrBAPmL5vufyuPj4FP5XQtrfvaTkM9BzZjAN3cLJ1CEkzQp++QkBN+7RTuDNQp75gL/iKWfcoOhVZU1gzkTI+b0vIzS0RXSbdFWrRrLvmTc+CgEa7e/rQax9D8N7oYbYbcfQ/sbISbwDyO9x2GBvzdg7BZOA/ejoPbiplCVjS5OJIla0GLPvv6edxfDzWlpIjqtHHUN3OE79bG56ONtA3yTyp8XQFUYcxC4UTwg3xu+SeOLDAXECUIVlUK4IOmOfN2qYe6MwrxVjWYo1G+0GW9bFld3+H2OqLEW26qtemcpQVUL3WdNj7wzmI2C4TVycCTXkL+/jGr8CBjB1Hj7l0Hwnnkq9nwdacVnPtpKoAc8XKPh8KJW4YYGnihwrGq+Macm+hzi4RDp7UTXFcVzAePfNEG1qMigZiSu46+fwk4Z0xgxUIWMNzArPyzDe3Kp1zHRQS75dFUjK5dg+TjNtwITQfEXPAGx+fy0T6lSWVFH9m4D17aYVP9kXX1U3E97kNL1qLsbu5KcwvxXsolc677CmwvhR5UCQzvRQbuC+Hw6QewYQSPulleYPf6sy1hLSz3vbQ4TmFub2xlYWYgUHJvZHVjdCBTZWN1cml0eSA8cHJvZHVjdC1zZWN1cml0eUBuYW5vbGVhZi5tZT6IXgQTEQoABgUCY7SeQwAKCRCiYHCIKo9VoayNAQCNAVQNNO25IOfb+b2DX5zGqI1WFXgcgSq8uZlDkWJNNgEAsu6PHQM0gWEvXaPSTNAvhyp38k0bP0g8Ng5wFp8Vvpq5AQ0EY7SeQxAEAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AAICA/sEYnGySnTrSIWZaX3yKNGyZilvkb5iIwhTSES4nF3hFTNlPnj/6vrtHjreMg29f6P/qTuw5c1DofSh8Vzg+RslEsH6fidovo+Iq6dNdGkt9UzeZPFk0qFONIgEiIR5kPqxAK733AVmEHlg8ejqzC3FT1tlhrwr6IY/Ws6WyXgs/YheBBgRCgAGBQJjtJ5DAAoJEKJgcIgqj1Whw7MBAOzOifIhkBI/rCmwXa5TF4jQBMWTClKzXNZLqY0zzhuoAP9IBWYXBrwalpHLHyNVoIB0/cfYs7MLRXeiTMmzD1rphA===XA1Q
-----END PGP PUBLIC KEY BLOCK-----
Fixed Issues
April 26, 2023
Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. See Details
Release Note
- Fixed in 7.1.3. Learn More
Date
Description
- April 26, 2023Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. See Details
Release Note
- Fixed in 7.1.3. Learn More