CVE-2015-8269

HIGH

Fisher-Price Smart Toy Bear - Info Disclosure

Title source: llm

Description

The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.

References (3)

[Third Party Advisory] https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform

[US Government Resource] https://www.kb.cert.org/vuls/id/719736

[US Government Resource] https://www.kb.cert.org/vuls/id/GWAN-A6LPPW

Scores

CVSS v3 7.5

EPSS 0.0079

EPSS Percentile 73.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status draft

Affected Products (1)

fisher-price/smart_toy_bear

Timeline

Published Feb 04, 2016

Tracked Since Feb 18, 2026