Описание
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xiongmaitech:xmeye_p2p_cloud_server:-:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.0015
Низкий
9.8 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-311
CWE-311
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
EPSS
Процентиль: 36%
0.0015
Низкий
9.8 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-311
CWE-311