Description
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
Scores
CVSS v3
6.5
EPSS
0.0099
EPSS Percentile
57.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-912
CWE-798
Status
published
Products (1)
xiongmaitech/xmeye_p2p_cloud_server
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026