ID

VAR-201606-0552


TITLE

Midea M-Smart smart socket has design logic loopholes

Trust: 0.6

sources: CNVD: CNVD-2016-06052

DESCRIPTION

Midea M-Smart smart socket is a smart home appliance developed by Midea Group. Midea M-Smart smart sockets are vulnerable to man-in-the-middle attacks because the protocol used to transmit data is insecure and the content transmitted by the client and server is not verified. When an instruction is issued, it carries no effective context-association information or verification, so a single packet can bypass the checks and be used to initiate a replay attack.

Trust: 0.6

sources: CNVD: CNVD-2016-06052

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06052

AFFECTED PRODUCTS

vendor: midea
model: group m-smart smart socket mjzs-01
scope: eq
version: 3.0.3

Trust: 0.6

sources: CNVD: CNVD-2016-06052

CVSS

SEVERITY

CNVD: CNVD-2016-06052
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2016-06052
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

-

sources: CNVD: CNVD-2016-06052

EXTERNAL IDS

db: CNVD
id: CNVD-2016-06052

Trust: 0.6

sources: CNVD: CNVD-2016-06052

SOURCES

db: CNVD
id: CNVD-2016-06052

LAST UPDATE DATE

2022-05-04T10:16:26.798000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2016-06052
date: 2019-05-07T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2016-06052
date: 2016-06-03T00:00:00