CVE-2018-17915

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:xiongmaitech:xmeye_p2p_cloud_server:-:*:*:*:*:*:*:*

Information

Published : 2018-10-10 03:29

Updated : 2019-10-09 11:37


NVD link : CVE-2018-17915

Mitre link : CVE-2018-17915

Products Affected
No products.
CWE
CWE-311

Missing Encryption of Sensitive Data