Vulnerability identifier: #VU15320
Vulnerability risk: Low
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-311
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
XMeye P2P Cloud Server
Server applications /
Web servers
Vendor: Hangzhou Xiongmai Technology Co., Ltd
Description
The vulnerability allows a remote attacker to gain elevated privileges.
The vulnerability exists due to missing encryption of sensitive data. A remote attacker can eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
XMeye P2P Cloud Server: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-282-06
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.