CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
72.4%
The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android.
The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy. The device utilizes network connectivity to provide more interactivity with children.
CWE-287**: Improper Authentication -**CVE-2015-8269
The Fisher-Price Smart Toy uses a predictable account number which may allow an attacker that has signed up for the Fisher-Price Smart Toy platform to perform some queries and commands on other accounts. Such queries may allow an attacker to learn name, birthday, gender, and other details of the user. An attacker may also edit some personal details, and re-associate the toy to a different account.
According to the researchers at Rapid7, not all data is modifiable or reachable, somewhat mitigating the impact: Furthermore, the researcher notes the Smart Toy is based on Android 4.4 (KitKat). It is currently not clear if the platform is updated with the latest Android security patches.
For more information, please see Rapid7’s security advisory.
Mattel, Inc., has provided the following statement:
"We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.’
A remote attacker may be able to view or edit private information about the child and/or parent that registers the toy, and may take over ownership of the toy.
Fisher-Price has made changes to the platform to mitigate this issue. Concerned users should contact Mattel, Inc. / Fisher-Price for more information.
719736
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 06, 2016 Updated: February 01, 2016
Statement Date: January 07, 2016
Affected
We recently learned of a security vulnerability with our Fisher-Price WiFi-connected Smart Toy Bear. We have remediated the situation and have no reason to believe that customer information was accessed by any unauthorized person. Mattel and Fisher-Price take the safety of our consumers and their personal data very seriously, which is why we act quickly to resolve potential vulnerabilities like this.
Fisher-Price is a division of Mattel.
Group | Score | Vector |
---|---|---|
Base | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Temporal | 5.9 | E:POC/RL:U/RC:C |
Environmental | 4.4 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Mark Stanislav of Rapid7, Inc., for reporting these issues to us.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-8269 |
---|---|
Date Public: | 2016-02-02 Date First Published: |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
72.4%