Lucene search

[email protected]CVE-2018-17917

HistoryOct 10, 2018 - 3:29 p.m.

CVE-2018-17917

2018-10-1015:29:00

CWE-200

CWE-341

[email protected]

web.nvd.nist.gov

105

xiongmai

xmeye

p2p cloud server

vulnerability

cve-2018-17917

security

mac address

enumeration

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.8%

JSON

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.

Affected configurations

NVD

Node

xiongmaitechxmeye_p2p_cloud_server

CPENameOperatorVersion
xiongmaitech:xmeye_p2p_cloud_serverxiongmaitech xmeye p2p cloud servereq*

CPE	Name	Operator	Version
xiongmaitech:xmeye_p2p_cloud_server	xiongmaitech xmeye p2p cloud server	eq	*

CNA Affected

[
  {
    "product": "XMeye P2P Cloud Server",
    "vendor": "Hangzhou Xiongmai Technology Co., Ltd",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]