Main Vulnerability Database Vulnerabilities #VU15318

#VU15318 Information disclosure in XMeye P2P Cloud Server - CVE-2018-17917

Published: October 9, 2018 / Updated: October 11, 2018

Vulnerability identifier: #VU15318

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-17917

CWE-ID: CWE-341

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
XMeye P2P Cloud Server

Software vendor:
Hangzhou Xiongmai Technology Co., Ltd

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unspecified flaw. A remote attacker can use MAC addresses, enumerate potential Cloud IDs and use it to discover and connect to valid devices using one of the supported apps.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06

#VU15318 Information disclosure in XMeye P2P Cloud Server - CVE-2018-17917

Description

Remediation

External links

Please verify you're human