Vulnerability identifier: #VU15320

Vulnerability risk: Low

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-17915

CWE-ID: CWE-311

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
XMeye P2P Cloud Server
Server applications / Web servers

Vendor: Hangzhou Xiongmai Technology Co., Ltd

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The vulnerability exists due to missing encryption of sensitive data. A remote attacker can eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

XMeye P2P Cloud Server: All versions

---

External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-282-06

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.