Description
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
References (3)
Core 3
Core References
US Government Resource x_refsource_confirm
https://www.kb.cert.org/vuls/id/GWAN-A6LPPW
Third Party Advisory x_refsource_misc
https://community.rapid7.com/community/infosec/blog/2016/02/02/security-vulnerabilities-within-fisher-price-smart-toy-hereo-gps-platform
US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/719736
Scores
CVSS v3
7.5
EPSS
0.0229
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
fisher-price/smart_toy_bear
Published
Feb 04, 2016
Tracked Since
Feb 18, 2026