Sign-up

ID

VAR-201904-1629


TITLE

Himalayan Xiaoya smart speaker has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-07688

DESCRIPTION

Himalayan Xiaoya smart speaker is a smart speaker product produced by Himalayan company. The Himalayan Xiaoya smart speaker has an unauthorized access vulnerability. An attacker can control the speaker to play any remote and local arbitrary audio file by constructing a malicious dlna protocol packet.

Trust: 0.6

sources: CNVD: CNVD-2019-07688

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-07688

AFFECTED PRODUCTS

vendor:zendai himalaya networkmodel:himalayan xiaoya smart speakerscope:eqversion:v3.0.39

Trust: 0.6

sources: CNVD: CNVD-2019-07688

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-07688
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-07688
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-07688

PATCH

title:Himalayan Xiaoya smart speaker has unauthorized access vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/154969

Trust: 0.6

sources: CNVD: CNVD-2019-07688

EXTERNAL IDS

db:CNVDid:CNVD-2019-07688

Trust: 0.6

sources: CNVD: CNVD-2019-07688

SOURCES

db:CNVDid:CNVD-2019-07688

LAST UPDATE DATE

2022-05-04T10:18:51.472000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-07688date:2019-05-07T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-07688date:2019-04-13T00:00:00