Sign-up

ID

VAR-201910-1867


TITLE

Unauthorized Access Vulnerability in Retained Message of Baidu Tiangong Intelligent Platform

Trust: 0.6

sources: CNVD: CNVD-2019-34654

DESCRIPTION

Baidu Tiangong Intelligent Platform is a cloud service platform for the Internet of Things field. It communicates through mainstream IoT protocols (such as MQTT), and can build IoT projects between smart devices and the cloud. An unauthorized access vulnerability exists in the Retained Message of Baidu Tiangong Intelligent Platform.

Trust: 0.6

sources: CNVD: CNVD-2019-34654

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-34654

AFFECTED PRODUCTS

vendor:baidu wangxunmodel:tiangong intelligent platformscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-34654

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-34654
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-34654
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-34654

PATCH

title:Unauthorized Access Vulnerability in Retained Message of Baidu Tiangong Intelligent Platformurl:https://www.cnvd.org.cn/patchinfo/show/180833

Trust: 0.6

sources: CNVD: CNVD-2019-34654

EXTERNAL IDS

db:CNVDid:CNVD-2019-34654

Trust: 0.6

sources: CNVD: CNVD-2019-34654

SOURCES

db:CNVDid:CNVD-2019-34654

LAST UPDATE DATE

2022-05-04T09:50:36.511000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-34654date:2019-10-12T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-34654date:2019-10-26T00:00:00