ID
VAR-202202-1924
TITLE
Logic flaws in Tuya smart app and Tuya converter (smart socket)
Trust: 0.6
DESCRIPTION
Tuya Smart is an IoT cloud platform that connects the intelligent needs of brands, OEM manufacturers, developers and chain retailers, and provides a one-stop AI IoT PaaS-level solution, covering hardware development, global cloud, and smart business platform development , providing comprehensive ecological empowerment. The Tuya smart app and Tuya converter (smart socket) have a logic flaw vulnerability. The vulnerability stems from not using a secure encryption algorithm (AES/ECB) during the communication between Tuya smart app and Tuya converter (smart socket). Vulnerabilities can be exploited to obtain encrypted message instructions to reconstruct (modify) message packets and calculate corresponding checksums.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tuya | model: | converter ykyc-w1y0-16a | scope: | - | version: | - | Trust: 0.6 |
| vendor: | tuya | model: | smart app | scope: | eq | version: | 3.29.5 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Patch for Logic flaws in Tuya smart app and Tuya converter (smart socket) | url: | https://www.cnvd.org.cn/patchinfo/show/318106 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2021-73145 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2021-73145 |
LAST UPDATE DATE
2023-09-28T22:44:57.023000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-73145 | date: | 2022-02-09T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-73145 | date: | 2022-02-09T00:00:00 |