Details of VAR-202107-1895

ID

VAR-202107-1895

TITLE

Gulf Security Technology Co., Ltd. GST smart fire IoT system has SQL injection vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-39274

DESCRIPTION

The GST Smart Fire Internet of Things System is developed through successful experience in the establishment and application of urban fire automatic alarm network monitoring and management systems. Gulf Security Technology Co., Ltd. GST Smart Fire Internet of Things system has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-39274

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-39274

AFFECTED PRODUCTS

vendor:

gulf security

model:

gst smart fire internet of things system

scope:

version:

v1.0

Trust: 0.6

sources: CNVD: CNVD-2021-39274

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-39274
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-39274
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-39274

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-39274

Trust: 0.6

sources: CNVD: CNVD-2021-39274

SOURCES

db:

CNVD

id:

CNVD-2021-39274

LAST UPDATE DATE

2022-05-04T10:21:11.385000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-39274

date:

2021-06-03T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-39274

date:

2021-07-02T00:00:00