CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-8866

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.3%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://dl.acm.org/citation.cfm?id=3139947
https://dl.acm.org/citation.cfm?id=3139947

Products affected by CVE-2017-8866

Cognitoys » Stemosaur » Version: N/A

cpe:2.3:h:cognitoys:stemosaur:-
Cognitoys » Stemosaur Firmware » Version: 0.0.794

cpe:2.3:o:cognitoys:stemosaur_firmware:0.0.794

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8866

Products

Pricing

Contact Us