Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.

Related CVEs

CVE-2017-8866

Key Information

GHSA ID

GHSA-88r5-mxjg-5m25

Published

May 14, 2022 4:00 AM

Last Modified

May 14, 2022 4:00 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 29, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.