Sign-up

ID

VAR-201906-1352


TITLE

Xiaomi ai speaker has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-15526

DESCRIPTION

Xiaomi ai speaker is a smart speaker product produced by Xiaomi. There is an unauthorized access vulnerability in the Xiaomi AI speaker. An attacker can use this vulnerability to control the speaker to play any remote and local audio files.

Trust: 0.6

sources: CNVD: CNVD-2019-15526

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-15526

AFFECTED PRODUCTS

vendor:xiaomimodel:ai speakerscope:eqversion:1.40.14

Trust: 0.6

sources: CNVD: CNVD-2019-15526

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-15526
value: LOW

Trust: 0.6

CNVD: CNVD-2019-15526
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-15526

PATCH

title:Xiaomi ai speaker has unauthorized access vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/159635

Trust: 0.6

sources: CNVD: CNVD-2019-15526

EXTERNAL IDS

db:CNVDid:CNVD-2019-15526

Trust: 0.6

sources: CNVD: CNVD-2019-15526

SOURCES

db:CNVDid:CNVD-2019-15526

LAST UPDATE DATE

2022-05-04T09:10:15.448000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-15526date:2019-06-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-15526date:2019-06-07T00:00:00