Vulnerability identifier: #VU15318
Vulnerability risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-341
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
XMeye P2P Cloud Server
Server applications /
Web servers
Vendor: Hangzhou Xiongmai Technology Co., Ltd
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to unspecified flaw. A remote attacker can use MAC addresses, enumerate potential Cloud IDs and use it to discover and connect to valid devices using one of the supported apps.
Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
XMeye P2P Cloud Server: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.