Rapid7 reported the issues it found to the affected manufacturers and to the United States Computer Emergency Readiness Team (US-CERT) back in July. Some vendors responded and fixed some of the issues or disabled vulnerable functions, but many vulnerabilities remain unpatched.
Philips was the most responsive and the easiest to work with of all the affected manufacturers, the Rapid7 researchers said. "The company’s vendor disclosure process is well established and clearly focused on ensuring its devices are safe for consumers. We applaud Philips’ commitment to fixing this vulnerability and their established protocol for handling incoming product vulnerabilities."
The Rapid7 researchers included possible mitigations in their research paper and advised users of the affected devices to contact the vendors and inquire about firmware updates that would resolve the issues.