CVE-2017-8867 in Dino Smart Toyinfo

Summary

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

05/09/2017

Disclosure

12/11/2017

Moderation

VulDB entry created

Entries

VDB-110505 (1)

CPE

ready

CWE

CWE-320 (Confirmed)

CVSS

5.7

EPSS

0.00251

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-8867
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-8867
CVE Details	https://www.cvedetails.com/cve/CVE-2017-8867/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!