Details of VAR-201806-1887

ID

VAR-201806-1887

TITLE

Skyworth Smart TV Has Smart Hardware Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-08535

DESCRIPTION

Skyworth Group Co., Ltd. is a technology listed company that produces consumer electronics, networking and communications products. Skyworth Smart TV has a smart hardware vulnerability. The vulnerability is due to Skyworth Smart TV's no restrictions on third-party applications. Attackers can use the vulnerability to play arbitrary videos; call the system's sensitive interface and upload the collected system data.

Trust: 0.6

sources: CNVD: CNVD-2018-08535

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-08535

AFFECTED PRODUCTS

vendor:

skyworth group

model:

smart tv 50x5e

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2018-08535

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-08535
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2018-08535
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-08535

PATCH

title:

Skyworth Smart TV has no permission restrictions on third-party applications. There are smart hardware vulnerabilities.

url:

https://www.cnvd.org.cn/patchinfo/show/126499

Trust: 0.6

sources: CNVD: CNVD-2018-08535

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-08535

Trust: 0.6

sources: CNVD: CNVD-2018-08535

SOURCES

db:

CNVD

id:

CNVD-2018-08535

LAST UPDATE DATE

2022-05-04T08:37:46.513000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-08535

date:

2019-05-07T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-08535

date:

2018-06-04T00:00:00