EUVD-2018-9658

Malware in sbrugna...

EUVD-2018-9660

Malware in sbrugna...

CVE-2018-17919

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams...

CVE-2018-17917

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps...

Code injection

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the upda...

Code injection

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps...

CVE-2018-17915

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the upda...

Default credentials

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams...

CVE-2018-17917

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps...

CVE-2018-17917

CVE-2018-17917 affects Hangzhou Xiongmai XMeye P2P Cloud Server. The vulnerability allows an attacker to enumerate potential Cloud IDs by using MAC addresses, enabling discovery of valid devices and connection via supported XMeye apps. Root cause described across sources is predictable/derivable ...

CVE-2018-17919

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams...

CVE-2018-17915

CVE-2018-17915 affects Hangzhou Xiongmai XMeye P2P Cloud products (IP cameras, NVRs/DVRs). SEC Consult reports describe a remote code execution/integrity issue in XMeye P2P Cloud, with vulnerable implementations that lack proper protection during update/communication, enabling an attacker to pote...

CVE-2018-17919

CVE-2018-17919 is supported by connected sources: XMeye P2P Cloud Server devices expose an undocumented user account named “default” with its default password, enabling login to view video streams. Multiple sources (ICSA, CNVD, SEC Consult / PACKETSTORM advisories, CVE listings) confirm this issu...

CVE-2018-17915

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the upda...

Naming & Shaming Web Polluters: Xiongmai

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai -- a Chinese maker of electronic parts th...

XMeye P2P Cloud Remote Code Execution / Integrity Issues Vulnerabilities

XMeye P2P Cloud used with Xiongmai IP Cameras, NVRs and DVRs suffer from predictable Cloud IDs, default admin password, and various other issues that can result in remote code execution. ======================================================================= title: Remote Code Execution via XMeye...

Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices hidden feature vulnerability

Hangzhou Xiongmai Information Technology Co., Ltd. specializes in security monitoring, video intelligence research and development. A hidden functionality vulnerability exists in Xiongmai IP Cameras, NVRs and DVRs incl. 3rd party OEM devices, which allows an attacker to log in to XMeye and...

XMeye P2P Cloud Remote Code Execution / Integrity Issues

SEC Consult also published a blog post regarding the identified security issues with further background information: Blog: https://r.sec-consult.com/xmeye SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code...

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...

xmeye - Corrupted files, Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application xmeye published at the 'play' market has multiple vulnerabilities...