cve/2018/CVE-2018-17915.md

### [CVE-2018-17915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17915)
![](https://img.shields.io/static/v1?label=Product&message=XMeye%20P2P%20Cloud%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=MISSING%20ENCRYPTION%20OF%20SENSITIVE%20DATA%20CWE-311&color=brighgreen)

### Description

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/KostasEreksonas/Besder-6024PB-XMA501-ip-camera-security-investigation
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-17915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17915)`
			`![](https://img.shields.io/static/v1?label=Product&message=XMeye%20P2P%20Cloud%20Server&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=MISSING%20ENCRYPTION%20OF%20SENSITIVE%20DATA%20CWE-311&color=brighgreen)`

			`### Description`

			`All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/KostasEreksonas/Besder-6024PB-XMA501-ip-camera-security-investigation`