Sign-up

ID

VAR-201810-0495


CVE

CVE-2018-17915


TITLE

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011418

DESCRIPTION

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code. Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Hangzhou Xiongmai Information Technology Co., Ltd. focuses on security monitoring and video intelligence research and development. Multiple security weaknesses 2. Security bypass vulnerability Successfully exploiting these issues allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, bypass the authentication mechanism and gain unauthorized access. This may aid in launching further attacks

Trust: 2.61

sources: NVD: CVE-2018-17915 // JVNDB: JVNDB-2018-011418 // CNVD: CNVD-2018-20453 // BID: 105722 // IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1 // CNVD: CNVD-2018-20453

AFFECTED PRODUCTS

vendor:xiongmaitechmodel:xmeye p2p cloud serverscope:eqversion: -

Trust: 1.6

vendor:xiongmaimodel:xmeye p2p cloud serverscope: - version: -

Trust: 0.8

vendor:xiongmai informationmodel:ip camerasscope: - version: -

Trust: 0.6

vendor:xiongmai informationmodel:nvrs and dvrs incl. 3rd party oem devicesscope: - version: -

Trust: 0.6

vendor: - model:xiongmai technology xmeye p2p cloud serverscope:eqversion:0

Trust: 0.3

vendor:xmeye p2p cloud servermodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1 // CNVD: CNVD-2018-20453 // BID: 105722 // JVNDB: JVNDB-2018-011418 // CNNVD: CNNVD-201810-498 // NVD: CVE-2018-17915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17915
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17915
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-20453
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-498
value: CRITICAL

Trust: 0.6

IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-17915
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20453
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17915
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1 // CNVD: CNVD-2018-20453 // JVNDB: JVNDB-2018-011418 // CNNVD: CNNVD-201810-498 // NVD: CVE-2018-17915

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-011418 // NVD: CVE-2018-17915

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-498

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-498

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011418

PATCH
title:Top Pageurl:http://www.xiongmaitech.com/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011418

EXTERNAL IDS
db:NVDid:CVE-2018-17915
Trust: 3.5
db:ICS CERTid:ICSA-18-282-06
Trust: 2.7
db:CNVDid:CNVD-2018-20453
Trust: 0.8
db:CNNVDid:CNNVD-201810-498
Trust: 0.8
db:JVNDBid:JVNDB-2018-011418
Trust: 0.8
db:BIDid:105722
Trust: 0.3
db:IVDid:E2FCF411-39AB-11E9-B97B-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2fcf411-39ab-11e9-b97b-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-20453 // 
            
            
            
            BID: 105722 // 
            
            
            
            JVNDB: JVNDB-2018-011418 // 
            
            
            
            CNNVD: CNNVD-201810-498 // 
            
            
            
            NVD: CVE-2018-17915

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-282-06
Trust: 2.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17915
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17915
Trust: 0.8
url:https://seclists.org/fulldisclosure/2018/oct/22
Trust: 0.6
url:https://www.xmeye.net/index
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-20453 // 
            
            
            
            BID: 105722 // 
            
            
            
            JVNDB: JVNDB-2018-011418 // 
            
            
            
            CNNVD: CNNVD-201810-498 // 
            
            
            
            NVD: CVE-2018-17915

CREDITS
Stefan Viehböck on behalf of SEC Consult Vulnerability Lab
Trust: 0.3
sources:
            
            
            BID: 105722

SOURCES
db:IVDid:e2fcf411-39ab-11e9-b97b-000c29342cb1
db:CNVDid:CNVD-2018-20453
db:BIDid:105722
db:JVNDBid:JVNDB-2018-011418
db:CNNVDid:CNNVD-201810-498
db:NVDid:CVE-2018-17915

LAST UPDATE DATE
2024-11-23T22:12:19.152000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20453date:2018-10-10T00:00:00
db:BIDid:105722date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011418date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-498date:2019-10-17T00:00:00
db:NVDid:CVE-2018-17915date:2024-11-21T03:55:12.040

SOURCES RELEASE DATE
db:IVDid:e2fcf411-39ab-11e9-b97b-000c29342cb1date:2018-10-10T00:00:00
db:CNVDid:CNVD-2018-20453date:2018-10-10T00:00:00
db:BIDid:105722date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011418date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-498date:2018-10-11T00:00:00
db:NVDid:CVE-2018-17915date:2018-10-10T15:29:00.253