Sign-up

ID

VAR-201712-1107


CVE

CVE-2017-8865


TITLE

Elemental Path of CogniToys Dino Smart toy firmware information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011561

DESCRIPTION

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. Elemental Path of CogniToys Dino Smart toy (smart toy) Contains an information disclosure vulnerability.Information may be obtained. An information disclosure vulnerability exists in ElementalPathCogniToysDino that uses firmware version 0.0.794 and earlier

Trust: 2.25

sources: NVD: CVE-2017-8865 // JVNDB: JVNDB-2017-011561 // CNVD: CNVD-2018-00675 // VULHUB: VHN-117068

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00675

AFFECTED PRODUCTS

vendor:cognitoysmodel:stemosaurscope:lteversion:0.0.794

Trust: 1.0

vendor:elemental pathmodel:stemosaurscope: - version: -

Trust: 0.8

vendor:elementalmodel:path's cogni toys dinoscope:lteversion:<=0.0.794

Trust: 0.6

vendor:cognitoysmodel:stemosaurscope:eqversion:0.0.794

Trust: 0.6

sources: CNVD: CNVD-2018-00675 // JVNDB: JVNDB-2017-011561 // CNNVD: CNNVD-201705-548 // NVD: CVE-2017-8865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8865
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8865
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-00675
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-548
value: MEDIUM

Trust: 0.6

VULHUB: VHN-117068
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8865
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00675
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117068
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8865
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-00675 // VULHUB: VHN-117068 // JVNDB: JVNDB-2017-011561 // CNNVD: CNNVD-201705-548 // NVD: CVE-2017-8865

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-117068 // JVNDB: JVNDB-2017-011561 // NVD: CVE-2017-8865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-548

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-548

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011561

PATCH
title:Top Pageurl:http://elementalpath.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-011561

EXTERNAL IDS
db:NVDid:CVE-2017-8865
Trust: 3.1
db:JVNDBid:JVNDB-2017-011561
Trust: 0.8
db:CNNVDid:CNNVD-201705-548
Trust: 0.7
db:CNVDid:CNVD-2018-00675
Trust: 0.6
db:VULHUBid:VHN-117068
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-00675 // 
            
            
            
            VULHUB: VHN-117068 // 
            
            
            
            JVNDB: JVNDB-2017-011561 // 
            
            
            
            CNNVD: CNNVD-201705-548 // 
            
            
            
            NVD: CVE-2017-8865

REFERENCES
url:https://dl.acm.org/citation.cfm?id=3139947
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2017-8865
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8865
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-00675 // 
            
            
            
            VULHUB: VHN-117068 // 
            
            
            
            JVNDB: JVNDB-2017-011561 // 
            
            
            
            CNNVD: CNNVD-201705-548 // 
            
            
            
            NVD: CVE-2017-8865

SOURCES
db:CNVDid:CNVD-2018-00675
db:VULHUBid:VHN-117068
db:JVNDBid:JVNDB-2017-011561
db:CNNVDid:CNNVD-201705-548
db:NVDid:CVE-2017-8865

LAST UPDATE DATE
2025-04-20T23:42:03.106000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-00675date:2018-01-10T00:00:00
db:VULHUBid:VHN-117068date:2018-01-04T00:00:00
db:JVNDBid:JVNDB-2017-011561date:2018-01-18T00:00:00
db:CNNVDid:CNNVD-201705-548date:2017-12-12T00:00:00
db:NVDid:CVE-2017-8865date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-00675date:2018-01-10T00:00:00
db:VULHUBid:VHN-117068date:2017-12-11T00:00:00
db:JVNDBid:JVNDB-2017-011561date:2018-01-18T00:00:00
db:CNNVDid:CNNVD-201705-548date:2017-05-11T00:00:00
db:NVDid:CVE-2017-8865date:2017-12-11T21:29:00.797