Lucene search

[email protected]CVE-2018-17919

HistoryOct 10, 2018 - 3:29 p.m.

CVE-2018-17919

2018-10-1015:29:00

CWE-798

CWE-912

[email protected]

web.nvd.nist.gov

cve-2018-17919

hangzhou xiongmai technology co.

ltd

xmeye

p2p cloud server

security vulnerability

undocumented user account

default password

video streams

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account “default” with its default password to login to XMeye and access/view video streams.

Affected configurations

NVD

Node

xiongmaitechxmeye_p2p_cloud_server

CPENameOperatorVersion
xiongmaitech:xmeye_p2p_cloud_serverxiongmaitech xmeye p2p cloud servereq*

CPE	Name	Operator	Version
xiongmaitech:xmeye_p2p_cloud_server	xiongmaitech xmeye p2p cloud server	eq	*

CNA Affected

[
  {
    "product": "XMeye P2P Cloud Server",
    "vendor": "Hangzhou Xiongmai Technology Co., Ltd",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]