CVE-2017-8867

Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.
References
Link Resource
https://dl.acm.org/citation.cfm?id=3139947 Issue Tracking Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cognitoys:stemosaur_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cognitoys:stemosaur:-:*:*:*:*:*:*:*

Information

Published : 2017-12-11 13:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-8867

Mitre link : CVE-2017-8867


JSON object : View

Advertisement

dedicated server usa

Products Affected

cognitoys

  • stemosaur
  • stemosaur_firmware