CVE-2015-8269

EUVD-2015-8157
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
fisher-pricesmart_toy_bear
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform
https://www.kb.cert.org/vuls/id/719736
https://www.kb.cert.org/vuls/id/GWAN-A6LPPW
https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform
https://www.kb.cert.org/vuls/id/719736
https://www.kb.cert.org/vuls/id/GWAN-A6LPPW