{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:46:22.949","vulnerabilities":[{"cve":{"id":"CVE-2018-17915","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2018-10-10T15:29:00.253","lastModified":"2024-11-21T03:55:12.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code."},{"lang":"es","value":"Todas las versiones de XMeye P2P Cloud Server, de Hangzhou Xiongmai Technology Co., Ltdm, no cifran todas las comunicaciones del dispositivo. Esto incluye el servicio XMeye y la comunicación de actualizaciones de firmware. Esto podría permitir que un atacante espíe los feeds de vídeo, robe credenciales de inicio de sesión de XMeye o suplante el servidor de actualización con código de actualización malicioso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-311"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-311"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xiongmaitech:xmeye_p2p_cloud_server:-:*:*:*:*:*:*:*","matchCriteriaId":"ADECAB4E-9949-49EC-B3EF-1903CA069822"}]}]}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}