ID

VAR-201602-0182


CVE

CVE-2015-8269


TITLE

Fisher-Price Smart Toy platform allows some unauthenticated web API commands

Trust: 0.8

sources: CERT/CC: VU#719736

DESCRIPTION

The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. Multiple API calls in the Fisher-Price Smart Toy web services are not properly authenticated. In addition, the toy may be running a vulnerable version of Android OS. The Fisher-Price Smart Toy Bear is a Wi-Fi-connected IoT toy; it uses its network connection to provide additional interaction with the child who plays with it. Improper authentication (CWE-287) - CVE-2015-8269: Fisher-Price Smart Toy user accounts are registered with predictable account numbers. An attacker who holds one Smart Toy account can issue queries and commands against other accounts. By issuing a query, an attacker can obtain information about other users, such as name, date of birth, and gender. It is also possible to edit some information belonging to other users and to associate registered toys with other accounts. CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html According to the Rapid7 researchers, not all account data can be changed or retrieved, so the impact is limited. The researchers also believe that the Smart Toy runs on Android 4.4 (KitKat). At present it is unknown whether the latest Android security patches have been applied to the Smart Toy product. For more information, see the Rapid7 security advisory: https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform Mattel, Inc., which provides the Fisher-Price Smart Toy, says: "We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person.
Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this. We recently learned of security vulnerabilities in the Fisher-Price Wi-Fi-connected Smart Toy Bear. This issue has already been fixed, and no unauthorized access to customer information has been confirmed. Mattel and Fisher-Price believe that the security of customers and their personal information is extremely important, and we will work to resolve such vulnerabilities quickly." A remote attacker may obtain or change the personal information of the child or parent associated with the product. It may also be possible to take ownership of the toy. Fisher-Price Smart Toy is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions such as modifying private information or taking ownership of the toy.

Trust: 3.78

sources: NVD: CVE-2015-8269 // CERT/CC: VU#719736 // JVNDB: JVNDB-2016-001344 // CNVD: CNVD-2016-00991 // CNNVD: CNNVD-201602-131 // BID: 82404 // VULMON: CVE-2015-8269

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00991

AFFECTED PRODUCTS

vendor: fisher price | model: smart toy bear | scope: eq | version: *

Trust: 1.0

vendor: mattel | model: - | scope: - | version: -

Trust: 0.8

vendor: mattel | model: fisher price smart toy web services | scope: - | version: -

Trust: 0.8

vendor: mattel | model: fisher-price smart toy bear | scope: - | version: -

Trust: 0.6

vendor: fisher price | model: smart toy bear | scope: - | version: -

Trust: 0.6

sources: CERT/CC: VU#719736 // CNVD: CNVD-2016-00991 // JVNDB: JVNDB-2016-001344 // CNNVD: CNNVD-201602-131 // NVD: CVE-2015-8269

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2015-8269
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2015-8269
value: HIGH

Trust: 1.0

CNVD: CNVD-2016-00991
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-131
value: MEDIUM

Trust: 0.6

VULMON: CVE-2015-8269
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8269
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2015-8269
severity: MEDIUM
baseScore: 6.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-00991
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-8269
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CERT/CC: VU#719736 // CNVD: CNVD-2016-00991 // VULMON: CVE-2015-8269 // JVNDB: JVNDB-2016-001344 // CNNVD: CNNVD-201602-131 // NVD: CVE-2015-8269

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2016-001344 // NVD: CVE-2015-8269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-131

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201602-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001344

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#719736

PATCH

title: Smart Toy Bear | url: http://www.fisher-price.com/shop/smart-toys--174%3B/smart-toy-bear-dnv31

Trust: 0.8

title: Top page | url: http://www.fisher-price.com/ja_JP/index.html

Trust: 0.8

title: Mattel Fisher-Price Smart Toy Bear API Information Disclosure Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/71369

Trust: 0.6

title: Mattel Fisher-Price Smart Toy Bear security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60081

Trust: 0.6

title: IoT-PenTesting-Research- | url: https://github.com/RedaMastouri/IoT-PenTesting-Research-

Trust: 0.1

title: IOt-Hack | url: https://github.com/mrnamp/IOt-Hack

Trust: 0.1

title: - | url: https://github.com/MdTauheedAlam/IOT-Hacks

Trust: 0.1

title: IOTHacks | url: https://github.com/AliyaValieva/IOTHacks

Trust: 0.1

title: awesome-iot-hacks | url: https://github.com/nebgnahz/awesome-iot-hacks

Trust: 0.1

title: Awesome-Hardware-and-IoT-Hacking | url: https://github.com/CyberSecurityUP/Awesome-Hardware-and-IoT-Hacking

Trust: 0.1

sources: CNVD: CNVD-2016-00991 // VULMON: CVE-2015-8269 // JVNDB: JVNDB-2016-001344 // CNNVD: CNNVD-201602-131

EXTERNAL IDS

db: CERT/CC | id: VU#719736

Trust: 3.6

db: NVD | id: CVE-2015-8269

Trust: 3.4

db: JVN | id: JVNVU99349751

Trust: 0.8

db: JVNDB | id: JVNDB-2016-001344

Trust: 0.8

db: CNVD | id: CNVD-2016-00991

Trust: 0.6

db: CNNVD | id: CNNVD-201602-131

Trust: 0.6

db: BID | id: 82404

Trust: 0.3

db: VULMON | id: CVE-2015-8269

Trust: 0.1

sources: CERT/CC: VU#719736 // CNVD: CNVD-2016-00991 // VULMON: CVE-2015-8269 // BID: 82404 // JVNDB: JVNDB-2016-001344 // CNNVD: CNNVD-201602-131 // NVD: CVE-2015-8269

REFERENCES

url:https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform

Trust: 4.2

url:https://www.kb.cert.org/vuls/id/719736

Trust: 2.9

url:https://www.kb.cert.org/vuls/id/gwan-a6lppw

Trust: 2.5

url:http://www.fisher-price.com/shop/smart-toys--174%3b/smart-toy-bear-dnv31

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8269

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99349751/index.html

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8269

Trust: 0.8

url:http://fortune.com/2016/02/02/fisher-price-smart-toy-bear-data-leak/

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://github.com/redamastouri/iot-pentesting-research-

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/nebgnahz/awesome-iot-hacks

Trust: 0.1

sources: CERT/CC: VU#719736 // CNVD: CNVD-2016-00991 // VULMON: CVE-2015-8269 // BID: 82404 // JVNDB: JVNDB-2016-001344 // CNNVD: CNNVD-201602-131 // NVD: CVE-2015-8269

CREDITS

Rapid7

Trust: 0.3

sources: BID: 82404

SOURCES

db: CERT/CC | id: VU#719736
db: CNVD | id: CNVD-2016-00991
db: VULMON | id: CVE-2015-8269
db: BID | id: 82404
db: JVNDB | id: JVNDB-2016-001344
db: CNNVD | id: CNNVD-201602-131
db: NVD | id: CVE-2015-8269

LAST UPDATE DATE

2025-04-12T23:24:31.457000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#719736 | date: 2016-02-02T00:00:00
db: CNVD | id: CNVD-2016-00991 | date: 2016-02-16T00:00:00
db: VULMON | id: CVE-2015-8269 | date: 2016-02-24T00:00:00
db: BID | id: 82404 | date: 2016-07-05T21:21:00
db: JVNDB | id: JVNDB-2016-001344 | date: 2016-02-24T00:00:00
db: CNNVD | id: CNNVD-201602-131 | date: 2016-02-05T00:00:00
db: NVD | id: CVE-2015-8269 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC | id: VU#719736 | date: 2016-02-02T00:00:00
db: CNVD | id: CNVD-2016-00991 | date: 2016-02-16T00:00:00
db: VULMON | id: CVE-2015-8269 | date: 2016-02-04T00:00:00
db: BID | id: 82404 | date: 2016-02-02T00:00:00
db: JVNDB | id: JVNDB-2016-001344 | date: 2016-02-04T00:00:00
db: CNNVD | id: CNNVD-201602-131 | date: 2016-02-04T00:00:00
db: NVD | id: CVE-2015-8269 | date: 2016-02-04T11:59:00.113