CVE-2017-8867
Last modified
CVE-2017-8867 is a vulnerability of currently unknown severity. Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.. EPSS estimates a 0.83% chance of exploitation in the next 30 days.
Description
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cognitoys | Stemosaur Firmware | <= 0.0.794 |
References
- https://dl.acm.org/citation.cfm?id=3139947Issue Tracking, Third Party Advisory
- https://dl.acm.org/citation.cfm?id=3139947Issue Tracking, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8867?
How severe is CVE-2017-8867?
How do I fix CVE-2017-8867?
Are you affected by CVE-2017-8867?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST