[Suggested description]
An issue was discovered in WiZ Colors A60 1.14.0.
The device sends unnecessary information to the cloud controller
server. Although this information is sent encrypted and has low risk in isolation,
it decreases the privacy of the end user.
The information sent includes the local IP address being used and the SSID
of the Wi-Fi network the device is connected to.
(Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)

------------------------------------------

[VulnerabilityType Other]
Information disclosure

------------------------------------------

[Vendor of Product]
WiZ Connected

------------------------------------------

[Affected Product Code Base]
WiZ Colors A60 - 1.14.0

------------------------------------------

[Affected Component]
WiZ Colors A60

------------------------------------------

[Attack Type]
Context-dependent

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Attack Vectors]
None. The Lightbulb by default transmits privacy sensitive info to the cloud system.

------------------------------------------

[Reference]
N/A

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Willem Westerhof, Wouter Wessels, Jim Blankendaal, Jasper Nota from Qbit in assignment of the Consumentenbond.
Use CVE-2020-11922.