Vulnerabilities > Cognitoys

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-11	CVE-2017-8867	Unspecified vulnerability in Cognitoys Stemosaur Firmware 0.0.794 Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. network high complexity cognitoys	5.9
2017-12-11	CVE-2017-8866	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cognitoys Stemosaur Firmware 0.0.794 Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. network high complexity cognitoys CWE-327	5.9
2017-12-11	CVE-2017-8865	Information Exposure vulnerability in Cognitoys Stemosaur Firmware 0.0.794 Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. network high complexity cognitoys CWE-200	5.9

Vulnerabilities > Cognitoys {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cognitoys"}]}