Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Elemental Path CogniToys Dino 安全漏洞
Vulnerability Description
Elemental Path CogniToys Dino是美国Elemental Path公司的一款能够与儿童进行语音交流的智能玩具。 使用0.0.794及之前版本固件的Elemental Path CogniToys Dino中存在安全漏洞,该漏洞源于程序使用带有ECB模式的AES-128加密声音流量。攻击者可利用该漏洞将特制的流量映射到AES密钥索引,并监听敏感的声音通信。
CVSS Information
N/A
Vulnerability Type
N/A