{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:34:26.158","vulnerabilities":[{"cve":{"id":"CVE-2017-8866","sourceIdentifier":"cve@mitre.org","published":"2017-12-11T21:29:00.827","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server."},{"lang":"es","value":"Los juguetes inteligentes CogniToys Dino de Elemental Path hasta la versión de firmware 0.0.794 comparten un pequeño grupo fijo de claves embebidas. Esto permite que un atacante remoto emplee un dispositivo Dino diferente para descodificar el tráfico VoIP entre el Dino de un niño y el servidor remoto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cognitoys:stemosaur_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.794","matchCriteriaId":"88EDB973-E374-4A07-985D-EA8138D2ECBD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cognitoys:stemosaur:-:*:*:*:*:*:*:*","matchCriteriaId":"2F8C9518-FB3F-4DD6-841F-D653B70470D2"}]}]}],"references":[{"url":"https://dl.acm.org/citation.cfm?id=3139947","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://dl.acm.org/citation.cfm?id=3139947","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}}]}