CVE-2018-17915

CVE-2018-17915

Vendor Hangzhou Xiongmai Technology Co., Ltd
Product XMeye P2P Cloud Server
Weakness CWE-311 · Missing encryption
Published October 10, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

Key dates

02Disclosure timeline

October 10, 2018 CVE published
September 16, 2024 Record updated