Sign-up

ID

VAR-202003-1696


CVE

CVE-2020-8994


TITLE

XIAOMI AI speaker MDZ-25-DT Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002460

DESCRIPTION

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor. XIAOMI AI speaker MDZ-25-DT Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 2.16

sources: NVD: CVE-2020-8994 // JVNDB: JVNDB-2020-002460 // CNVD: CNVD-2020-16105

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['wearable device']sub_category:smart speaker

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-16105

AFFECTED PRODUCTS

vendor:mimodel:mdz-25-dtscope:eqversion:1.40.14

Trust: 1.6

vendor:mimodel:mdz-25-dtscope:eqversion:1.34.36

Trust: 1.6

vendor:xiaomimodel:mdz-25-dtscope:eqversion:1.34.36

Trust: 0.8

vendor:xiaomimodel:mdz-25-dtscope:eqversion:1.40.14

Trust: 0.8

vendor:xiaomimodel:ai speaker mdz-25-dtscope:eqversion:1.34.36

Trust: 0.6

vendor:xiaomimodel:ai speaker mdz-25-dtscope:eqversion:1.40.14

Trust: 0.6

vendor:mimodel:mdz-25-dtscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-16105 // JVNDB: JVNDB-2020-002460 // CNNVD: CNNVD-202003-210 // NVD: CVE-2020-8994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8994
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002460
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-16105
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-210
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-8994
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002460
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-16105
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8994
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002460
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16105 // JVNDB: JVNDB-2020-002460 // CNNVD: CNNVD-202003-210 // NVD: CVE-2020-8994

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2020-002460 // NVD: CVE-2020-8994

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-210

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002460

PATCH
title:Top Pageurl:https://www.mi.com/global/index.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002460

EXTERNAL IDS
db:NVDid:CVE-2020-8994
Trust: 3.1
db:JVNDBid:JVNDB-2020-002460
Trust: 0.8
db:CNVDid:CNVD-2020-16105
Trust: 0.6
db:CNNVDid:CNNVD-202003-210
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-16105 // 
            
            
            
            JVNDB: JVNDB-2020-002460 // 
            
            
            
            CNNVD: CNNVD-202003-210 // 
            
            
            
            NVD: CVE-2020-8994

REFERENCES
url:https://github.com/jian-xian/cve-poc/blob/master/cve-2020-8994.md
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-8994
Trust: 2.0
url:https://www.usenix.org/sites/default/files/soups2018posters-lau.pdf
Trust: 1.6
url:https://youtu.be/ycadg38yzw8
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8994
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2020-16105 // 
            
            
            
            JVNDB: JVNDB-2020-002460 // 
            
            
            
            CNNVD: CNNVD-202003-210 // 
            
            
            
            NVD: CVE-2020-8994

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2020-16105
db:JVNDBid:JVNDB-2020-002460
db:CNNVDid:CNNVD-202003-210
db:NVDid:CVE-2020-8994

LAST UPDATE DATE
2025-01-30T20:07:55.161000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-16105date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2020-002460date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-210date:2020-03-13T00:00:00
db:NVDid:CVE-2020-8994date:2024-11-21T05:39:47.843

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-16105date:2020-03-09T00:00:00
db:JVNDBid:JVNDB-2020-002460date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-210date:2020-03-05T00:00:00
db:NVDid:CVE-2020-8994date:2020-03-05T16:15:12.143