Details of VAR-201911-1956

ID

VAR-201911-1956

TITLE

Xiaomi Mijia Smart Platform has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-40290

DESCRIPTION

The Xiaomi Mijia Intelligent Platform is an open platform for Xiaomi for the IoT field, which can realize the interconnection and interconnection of consumer intelligent hardware such as smart home equipment, smart home appliances, smart wearable devices, and smart travel devices. There is an unauthorized access vulnerability in the Xiaomi Mijia Smart Platform. An attacker can use this vulnerability to continue to control the device even if the sharing permission is revoked.

Trust: 0.6

sources: CNVD: CNVD-2019-40290

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-40290

AFFECTED PRODUCTS

vendor:

xiaomi

model:

technology co. ltd.xiaomi mijia intelligent platform

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2019-40290

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-40290
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2019-40290
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-40290

PATCH

title:

Xiaomi Mijia Smart Platform has unauthorized access vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/182181

Trust: 0.6

sources: CNVD: CNVD-2019-40290

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-40290

Trust: 0.6

sources: CNVD: CNVD-2019-40290

SOURCES

db:

CNVD

id:

CNVD-2019-40290

LAST UPDATE DATE

2022-05-04T09:55:53.485000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-40290

date:

2019-11-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-40290

date:

2019-11-06T00:00:00