CVE-2018-17915
CRITICALXiongmai XMeye P2P Cloud Server - Missing Encryption of Sensitive Data
Title source: llmDescription
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
Scores
CVSS v3
9.8
EPSS
0.0109
EPSS Percentile
60.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-311
Status
published
Products (1)
xiongmaitech/xmeye_p2p_cloud_server
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026