Vulnerability-Lookup

CNVD-2015-03830

Vulnerability from cnvd - Published: 2015-06-17

Title

Kankun Smart Socket设备和移动应用程序本地安全绕过漏洞

Description

Kankun Smart Socket device是一款无线智能插座。mobile application是无线智能插座的移动应用程序。 Kankun Smart Socket设备和移动应用程序使用硬编码的AES 256位密钥，远程攻击者可通过嗅探网络,获取敏感信息或访问设备。

Severity

中

Formal description

目前厂商还没有提出此漏洞的相关补丁或升级程序，建议使用此软件的用户随时关注厂商的主页以获得最新版本： http://www.ikonke.com/

Reference

https://plus.google.com/109112844319840106704/posts

Impacted products

Name
kankunit Kankun Smart Socket

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75057"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4080"
    }
  },
  "description": "Kankun Smart Socket device\u662f\u4e00\u6b3e\u65e0\u7ebf\u667a\u80fd\u63d2\u5ea7\u3002mobile application\u662f\u65e0\u7ebf\u667a\u80fd\u63d2\u5ea7\u7684\u79fb\u52a8\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nKankun Smart Socket\u8bbe\u5907\u548c\u79fb\u52a8\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u786c\u7f16\u7801\u7684AES 256\u4f4d\u5bc6\u94a5\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u55c5\u63a2\u7f51\u7edc,\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u8bbf\u95ee\u8bbe\u5907\u3002",
  "discovererName": "Payatu Research",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u51fa\u6b64\u6f0f\u6d1e\u7684\u76f8\u5173\u8865\u4e01\u6216\u5347\u7ea7\u7a0b\u5e8f\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u5f97\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.ikonke.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03830",
  "openTime": "2015-06-17",
  "products": {
    "product": "kankunit Kankun Smart Socket"
  },
  "referenceLink": "https://plus.google.com/109112844319840106704/posts",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-10",
  "title": "Kankun Smart Socket\u8bbe\u5907\u548c\u79fb\u52a8\u5e94\u7528\u7a0b\u5e8f\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2015-4080 (GCVE-0-2015-4080)

Vulnerability from cvelistv5 – Published: 2015-06-09 14:00 – Updated: 2024-08-06 06:04

Summary

The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://packetstormsecurity.com/files/132210/Kanku…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/535702/100…	mailing-listx_refsource_BUGTRAQ
	https://plus.google.com/109112844319840106704/posts	x_refsource_MISC
	http://www.securityfocus.com/bid/75057	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:02.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html"
          },
          {
            "name": "20150606 Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535702/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plus.google.com/109112844319840106704/posts"
          },
          {
            "name": "75057",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75057"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html"
        },
        {
          "name": "20150606 Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535702/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plus.google.com/109112844319840106704/posts"
        },
        {
          "name": "75057",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75057"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4080",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html"
            },
            {
              "name": "20150606 Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535702/100/0/threaded"
            },
            {
              "name": "https://plus.google.com/109112844319840106704/posts",
              "refsource": "MISC",
              "url": "https://plus.google.com/109112844319840106704/posts"
            },
            {
              "name": "75057",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75057"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4080",
    "datePublished": "2015-06-09T14:00:00",
    "dateReserved": "2015-05-25T00:00:00",
    "dateUpdated": "2024-08-06T06:04:02.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-03830

CVE-2015-4080 (GCVE-0-2015-4080)

Tags

Sightings

Nomenclature