Details of VAR-201606-0553

ID

VAR-201606-0553

TITLE

Midea i + smart refrigerator has design logic loopholes

Trust: 0.6

sources: CNVD: CNVD-2016-06055

DESCRIPTION

Midea i + smart refrigerator is a smart home appliance developed by Midea Group. Midea's i + smart refrigerator is vulnerable to man-in-the-middle attacks due to the insecure protocol for transmitting data and the lack of verification of the content transmitted by the client and server. When the instruction is issued, the context lacks effective association information and verification, which causes a single packet to be bypassed to initiate a replay attack.

Trust: 0.6

sources: CNVD: CNVD-2016-06055

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06055

AFFECTED PRODUCTS

vendor:

midea

model:

group bcd-235tgzm

scope:

version:

3.0.3

Trust: 0.6

sources: CNVD: CNVD-2016-06055

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-06055
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-06055
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-06055

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-06055

Trust: 0.6

sources: CNVD: CNVD-2016-06055

SOURCES

db:

CNVD

id:

CNVD-2016-06055

LAST UPDATE DATE

2022-05-04T09:04:57.982000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-06055

date:

2019-05-07T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-06055

date:

2016-06-10T00:00:00