CRITICAL🇵🇱 Wersja polska

CVE-2018-17915

CVSS 9.8v3.0pub. 2018-10-10upd. 2024-11-21

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Xiongmaitech Xmeye P2p Cloud Server

    APP
    Xiongmaitech
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-17917MEDIUM5.3ten sam produkt

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC ...

CVE-2018-17919MEDIUM6.5ten sam produkt

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an u...

CVE-2025-65856CRITICAL9.8PL ✓ten sam vendor

Authentication bypass w kamerach IP Xiongmai XM530 — dostęp bez uwierzytelnienia

CVE-2022-45460CRITICAL9.8ten sam vendor

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02....

CVE-2021-41506CRITICAL9.8ten sam vendor

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-...