VYPR
Vendor

Cognitoys

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2017-8867MedDec 11, 2017
    risk 0.38cvss 5.9epss 0.01

    Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to…

  • CVE-2017-8866MedDec 11, 2017
    risk 0.38cvss 5.9epss 0.01

    Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.

  • CVE-2017-8865MedDec 11, 2017
    risk 0.38cvss 5.9epss 0.01

    Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.