Sign-up

ID

VAR-201912-2008


TITLE

Xiaomi AI Speaker-Denial of Service Vulnerability in mDNS Service

Trust: 0.6

sources: CNVD: CNVD-2019-43594

DESCRIPTION

Xiaomi AI speaker is a smart speaker product produced by Xiaomi. There is a denial of service vulnerability in the Xiaomi AI Speaker-mDNS service. The vulnerability is caused by the program service failing to fully judge the malformed message when parsing the request message, causing the parsing thread to fall into an infinite loop. An attacker could use the vulnerability to launch a denial of service attack.

Trust: 0.6

sources: CNVD: CNVD-2019-43594

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-43594

AFFECTED PRODUCTS

vendor:xiaomimodel:technology co. ltd.xiaomi ai speakerscope:eqversion:1.52.1

Trust: 0.6

sources: CNVD: CNVD-2019-43594

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-43594
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-43594
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-43594

PATCH

title:Xiaomi AI Speaker-Denial of Service Vulnerability in mDNS Serviceurl:https://www.cnvd.org.cn/patchinfo/show/189539

Trust: 0.6

sources: CNVD: CNVD-2019-43594

EXTERNAL IDS

db:CNVDid:CNVD-2019-43594

Trust: 0.6

sources: CNVD: CNVD-2019-43594

SOURCES

db:CNVDid:CNVD-2019-43594

LAST UPDATE DATE

2022-05-04T09:28:23.722000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-43594date:2019-12-10T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-43594date:2019-12-22T00:00:00