Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8867 | 1 Cognitoys | 2 Stemosaur, Stemosaur Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. | |||||
CVE-2017-8866 | 1 Cognitoys | 2 Stemosaur, Stemosaur Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | |||||
CVE-2017-8865 | 1 Cognitoys | 2 Stemosaur, Stemosaur Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. |