CVE-2018-17917

Опубликовано: 10 окт. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xiongmaitech:xmeye_p2p_cloud_server:*:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00174

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-341

CWE-200

Связанные уязвимости

GHSA-hx93-w6p2-8rvj