Vulnerability Details CVE-2018-17915
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.4
References
Products affected by CVE-2018-17915
-
cpe:2.3:a:xiongmaitech:xmeye_p2p_cloud_server:-