Details of VAR-201903-1739

ID

VAR-201903-1739

TITLE

Command execution vulnerability in Philips smart wireless speakers

Trust: 0.6

sources: CNVD: CNVD-2019-06254

DESCRIPTION

Philips Smart Wireless Speaker is an artificial intelligence-based music player that can be networked. A command execution vulnerability exists in Philips Smart Wireless Speakers, which could allow an attacker to execute arbitrary commands with administrator privileges.

Trust: 0.6

sources: CNVD: CNVD-2019-06254

IOT TAXONOMY

category:

['IoT', 'ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-06254

AFFECTED PRODUCTS

vendor:

philips investment

model:

smart wireless speaker

scope:

version:

/93v1.1.1.0915

Trust: 0.6

sources: CNVD: CNVD-2019-06254

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-06254
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2019-06254
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-06254

PATCH

title:

Command execution vulnerability exists in the background of Philips smart speakers

url:

https://www.cnvd.org.cn/patchinfo/show/153037

Trust: 0.6

sources: CNVD: CNVD-2019-06254

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-06254

Trust: 0.6

sources: CNVD: CNVD-2019-06254

SOURCES

db:

CNVD

id:

CNVD-2019-06254

LAST UPDATE DATE

2022-05-04T10:18:52.593000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-06254

date:

2019-05-07T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-06254

date:

2019-03-19T00:00:00