{"id":86983,"date":"2026-04-24T16:05:42","date_gmt":"2026-04-24T16:05:42","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-56562-incorrect-api-in-signify-wiz-connected-enables-remote-dos-attacks","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-56562-incorrect-api-in-signify-wiz-connected-enables-remote-dos-attacks\/","title":{"rendered":"<strong>CVE-2025-56562: Incorrect API in Signify Wiz Connected Enables Remote DoS Attacks<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>This report focuses on the CVE-2025-56562 vulnerability found in the Signify Wiz Connected 1.9.1. The vulnerability, discovered in an incorrect API, allows attackers to remotely launch a Denial of Service (DoS) attack on Wiz devices by merely using the MAC address. This vulnerability is of significant concern as it could potentially compromise systems and lead to data leakage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-56562<br \/>\nSeverity: High (CVSS: 7.5)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: System compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-709923148\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Signify Wiz Connected | 1.9.1<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>An attacker exploiting this vulnerability would first need to obtain the MAC address of the target Wiz device. This could be done through various techniques, such as sniffing network traffic. Once the MAC address is obtained, the attacker can use it to send malicious packets to the device through the incorrect API. This results in a Denial of Service attack, rendering the device unresponsive and potentially leading to further system compromise or data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-2531749575\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Although the following is a hypothetical representation, it provides a rough idea of how the exploit might be conducted. This could be a sample HTTP request to the incorrect API endpoint.<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/incorrect\/api\/endpoint HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n{ &quot;mac_address&quot;: &quot;AA:BB:CC:DD:EE:FF&quot;, &quot;payload&quot;: &quot;malicious_code_here&quot; }<\/code><\/pre>\n<p>In this example, the &#8220;mac_address&#8221; field represents the MAC address of the target Wiz device, and the &#8220;payload&#8221; field contains the malicious code that triggers the DoS attack.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Users are advised to apply the latest vendor patch to resolve this vulnerability. In the absence of a patch or as a temporary measure, the use of a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can help mitigate the risk associated with this vulnerability. These measures can help to detect and block malicious traffic to the incorrect API endpoint.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This report focuses on the CVE-2025-56562 vulnerability found in the Signify Wiz Connected 1.9.1. The vulnerability, discovered in an incorrect API, allows attackers to remotely launch a Denial of Service (DoS) attack on Wiz devices by merely using the MAC address. This vulnerability is of significant concern as it could potentially compromise systems and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-86983","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=86983"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86983\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=86983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=86983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=86983"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=86983"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=86983"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=86983"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=86983"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=86983"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=86983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}