5 matches found
ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...
CVE-2021-28732
CVE-2021-28732 is a duplicate of CVE-2021-28372. Connected sources describe CVE-2021-28372 (ThroughTek Kalay Platform) as a device impersonation vulnerability: with a valid 20-byte UID, an attacker can register a malicious device to hijack client connections and obtain credentials, enabling remot...
Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices
A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit SDK, which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 CVSS score: 9.6 and...
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things IoT devices – one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and...
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency “CISA” that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020,...