Sign-up

ID

VAR-201912-2007


TITLE

Communication key leak vulnerability in JD Xiaojingyu smart platform

Trust: 0.6

sources: CNVD: CNVD-2019-43829

DESCRIPTION

The Xiaojingyu Intelligent Platform integrates the original Jingdong Alpha platform and introduces Jingdong's artificial intelligence and big data capabilities. It not only focuses on the original smart hardware, smart home, and smart travel solutions, but also extends its IoT capabilities to Multiple scenes. Jingdong Xiaojingyu Intelligent Platform has a communication key leakage vulnerability. An attacker can use this information to construct device instructions to control device behavior.

Trust: 0.6

sources: CNVD: CNVD-2019-43829

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-43829

AFFECTED PRODUCTS

vendor:jingdong century tradingmodel:little jingyu intelligent platformscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-43829

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-43829
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-43829
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-43829

PATCH

title:Communication key leak vulnerability in JD Xiaojingyu smart platformurl:https://www.cnvd.org.cn/patchinfo/show/189797

Trust: 0.6

sources: CNVD: CNVD-2019-43829

EXTERNAL IDS

db:CNVDid:CNVD-2019-43829

Trust: 0.6

sources: CNVD: CNVD-2019-43829

SOURCES

db:CNVDid:CNVD-2019-43829

LAST UPDATE DATE

2022-05-04T10:25:55.891000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-43829date:2019-12-10T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-43829date:2019-12-26T00:00:00