ID

VAR-201908-1451


CVE

CVE-2017-18484


TITLE

Cross-site scripting vulnerability in Cognitoys Dino devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014689

DESCRIPTION

Cognitoys Dino devices allow XSS via the SSID. The Cognitoys Dino device contains a cross-site scripting vulnerability. Information may be obtained and information may be falsified. Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy produced by the American company Crunchbase. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.71

sources: NVD: CVE-2017-18484 // JVNDB: JVNDB-2017-014689 // VULHUB: VHN-109611

AFFECTED PRODUCTS

vendor: elementalpath, model: cognitoys dino, scope: eq, version: -

Trust: 1.0

vendor: elemental path, model: cognitoys dino, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014689 // NVD: CVE-2017-18484

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-18484
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18484
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-595
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109611
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-18484
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-109611
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-18484
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109611 // JVNDB: JVNDB-2017-014689 // CNNVD: CNNVD-201908-595 // NVD: CVE-2017-18484

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-109611 // JVNDB: JVNDB-2017-014689 // NVD: CVE-2017-18484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-595

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-595

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014689

PATCH

title: Top Page, url: http://cognitoys.com/?reqp=1&reqr=Ml5jLt==

Trust: 0.8

sources: JVNDB: JVNDB-2017-014689

EXTERNAL IDS

db: NVD, id: CVE-2017-18484

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014689

Trust: 0.8

db: CNNVD, id: CNNVD-201908-595

Trust: 0.7

db: VULHUB, id: VHN-109611

Trust: 0.1

sources: VULHUB: VHN-109611 // JVNDB: JVNDB-2017-014689 // CNNVD: CNNVD-201908-595 // NVD: CVE-2017-18484

REFERENCES

url: https://www.pentestpartners.com/security-blog/jurassic-poke-hacking-a-dino-toy/

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2017-18484

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18484

Trust: 0.8

sources: VULHUB: VHN-109611 // JVNDB: JVNDB-2017-014689 // CNNVD: CNNVD-201908-595 // NVD: CVE-2017-18484

SOURCES

db: VULHUB, id: VHN-109611
db: JVNDB, id: JVNDB-2017-014689
db: CNNVD, id: CNNVD-201908-595
db: NVD, id: CVE-2017-18484

LAST UPDATE DATE

2024-11-23T23:01:42.473000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-109611, date: 2019-08-15T00:00:00
db: JVNDB, id: JVNDB-2017-014689, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-595, date: 2019-08-19T00:00:00
db: NVD, id: CVE-2017-18484, date: 2024-11-21T03:20:13.660

SOURCES RELEASE DATE

db: VULHUB, id: VHN-109611, date: 2019-08-08T00:00:00
db: JVNDB, id: JVNDB-2017-014689, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-595, date: 2019-08-08T00:00:00
db: NVD, id: CVE-2017-18484, date: 2019-08-08T21:15:11.223