CVE-2018-17915

EUVD-2018-9656
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
xiongmaitechxmeye_p2p_cloud_server
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06