CVE-2018-17915

CRITICAL

Xiongmaitech Xmeye P2p Cloud Server - Missing Encryption

Title source: rule

Description

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

References (1)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06

Scores

CVSS v3 9.8

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (1)

xiongmaitech/xmeye_p2p_cloud_server

Published Oct 10, 2018

Tracked Since Feb 18, 2026