ID

VAR-201912-2009


TITLE

Xiaomi AI speaker-mDNS service has heap corruption vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-43593

DESCRIPTION

Xiaomi AI Speaker is a smart speaker product produced by Xiaomi. The mDNS service of the Xiaomi AI Speaker has a heap corruption vulnerability. The service does not strictly check boundaries when it parses a request message, which results in arbitrary writes to heap memory. An attacker could exploit the vulnerability to execute arbitrary code.

Trust: 0.6

sources: CNVD: CNVD-2019-43593

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-43593

AFFECTED PRODUCTS

vendor: xiaomi
model: technology co. ltd.xiaomi ai speaker
scope: eq
version: 1.52.1

Trust: 0.6

sources: CNVD: CNVD-2019-43593

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-43593
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-43593
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2019-43593

PATCH

title: Xiaomi AI speaker-mDNS service has heap corruption vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/189541

Trust: 0.6

sources: CNVD: CNVD-2019-43593

EXTERNAL IDS

db: CNVD
id: CNVD-2019-43593

Trust: 0.6

sources: CNVD: CNVD-2019-43593

SOURCES

db: CNVD
id: CNVD-2019-43593

LAST UPDATE DATE

2022-05-04T09:42:42.047000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2019-43593
date: 2019-12-10T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2019-43593
date: 2019-12-22T00:00:00