CVE-2018-17915

Summary

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

Affected Software

VendorProductVersion RangeStatus
Hangzhou Xiongmai Technology Co., LtdXMeye P2P Cloud ServerAll versionsaffected

Weaknesses

  • CWE-311: MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

ADP Enrichment

CVE Program Container

Additional References

References