Details of VAR-202009-1703

ID

VAR-202009-1703

TITLE

Hangzhou Tuya Technology Co., Ltd. Tuya Smart Platform Exists Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-48958

DESCRIPTION

Tuya Intelligence is a global intelligent platform, "AI+IoT" developer platform. There is an unauthorized access vulnerability in the Tuya Smart Platform of Hangzhou Tuya Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information under certain conditions.

Trust: 0.6

sources: CNVD: CNVD-2020-48958

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-48958

AFFECTED PRODUCTS

vendor:

tuya

model:

smart platform

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-48958

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-48958
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-48958
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-48958

PATCH

title:

Patch for Hangzhou Tuya Technology Co., Ltd. Tuya Smart Platform Exists Unauthorized Access Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/227543

Trust: 0.6

sources: CNVD: CNVD-2020-48958

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-48958

Trust: 0.6

sources: CNVD: CNVD-2020-48958

SOURCES

db:

CNVD

id:

CNVD-2020-48958

LAST UPDATE DATE

2022-05-04T09:59:45.433000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-48958

date:

2022-01-04T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-48958

date:

2020-09-08T00:00:00