Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-17808

Malware in sbrugna...

5.9CVSS5.9AI score0.00648EPSS
Exploits0References2
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/08/15 11:10 a.m.26 views

PTP, IoT & the Norwegian Government

We were privileged to be invited to speak an event in Arendal, Norway yesterday to make the case for IoT regulation. 'Arendalsuka' is the largest political gathering in Norway, an open forum event where the public can interact directly with political leaders, business leaders, entrepreneurs,...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/30 3:17 p.m.14 views

A week in security (April 23 – April 29)

Last week, we dug into behavioral biometrics, explored a new crossrider variant, and embraced the power of "no." We also launched another CrackMe challenge, took a deep dive into smart toys, and finished up with a look at digital privacy in the age of IoT. Other news LinkedIn does battle with...

0.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/04/27 4:0 p.m.85 views

Please don’t buy this: smart toys

Smart toys attempt to offer what a lot of us imagined as kids—a toy that we can not only play with, but one that plays back. Many models offer voice recognition, facial expressions, hundreds of words and phrases, reaction to touch and impact, and even the ability to learn and retain new...

7.6AI score
Exploits0
Prion
Prion
added 2017/12/11 9:29 p.m.17 views

Path traversal

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...

4.3CVSS5.8AI score0.00832EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/12/11 9:29 p.m.18 views

CVE-2017-8866

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server...

5.9CVSS5.8AI score0.00648EPSS
Exploits0References1
Prion
Prion
added 2017/12/11 9:29 p.m.15 views

Path traversal

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device...

4.3CVSS5.8AI score0.00832EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/12/11 9:29 p.m.16 views

CVE-2017-8865

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device...

5.9CVSS5.8AI score0.00832EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/12/11 9:0 p.m.16 views

CVE-2017-8865

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device...

5.8AI score0.00832EPSS
Exploits0References1
CVE
CVE
added 2017/12/11 9:0 p.m.44 views

CVE-2017-8866

The CVE-2017-8866 entry affects Elemental Path’s CogniToys Dino with firmware

5.9CVSS5.8AI score0.00648EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/12/11 9:0 p.m.43 views

CVE-2017-8865

CVE-2017-8865 affects Elemental Path’s CogniToys Dino, with firmware version 0.0.794 and earlier. The vulnerability allows an attacker on the network to replay VoIP traffic between a Dino device and a remote server to another Dino device, indicating a capture-replay flaw in the Dino’s communicati...

5.9CVSS5.8AI score0.00832EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/12/11 9:0 p.m.49 views

CVE-2017-8867

The CVE-2017-8867 entry covers CogniToys Dino smart toys (firmware up to 0.0.794). Affected component: voice traffic encryption uses AES-128 in ECB mode, which the documents state can be mapped to an AES key index, enabling eavesdropping on privacy-sensitive voice communications. Root cause is th...

5.9CVSS5.8AI score0.00832EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2017/07/31 7:21 p.m.71 views

A week in security (July 24 – July 30)

Last week, we recognized one of the unsung heroes of our times, explained what the Dark Web is, revealed challenges one of our experienced when putting together his conference presentation for SteelCon, revealed the potential dangers of smart toys to kids, and made a prediction following the...

7.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/07/25 4:30 p.m.69 views

FBI: Smart toys could harm children’s privacy and physical safety

The Federal Bureau of Investigation has recently issued a Public Service Announcement PSA, encouraging consumers—parents, in particular—to think twice before purchasing internet-connected toys. Smart toys and entertainment devices for kids are part of the Internet of Things, and as such, they hav...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2015/12/10 10:4 p.m.13 views

Government Could Hack Children's Toys to Spy on You

Smartphones, Smart TVs, Smart Watches, Cell Phone Towers, Messaging services… but now, What's Next? Smart Toys? Yes, probably. Tech expert is warning that 'Smart Toys' could now be used by the government intelligence agencies to spy on suspects. As part of the Investigatory Powers Bill, children'...

7.1AI score
Exploits0
Rows per page
Query Builder