| Max CVSS | 4.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-8867 | 4.3 |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and
|
03-10-2019 - 00:03 | 11-12-2017 - 21:29 | |
| CVE-2017-8865 | 4.3 |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to an
|
04-01-2018 - 16:23 | 11-12-2017 - 21:29 | |
| CVE-2017-8866 | 4.3 |
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.
|
04-01-2018 - 16:23 | 11-12-2017 - 21:29 |