Lucene search
+L

5 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.46 views

ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...

8.3CVSS8.1AI score0.02575EPSS
Exploits1References3
CVE
CVE
added 2021/09/08 4:23 p.m.42 views

CVE-2021-28732

CVE-2021-28732 is a duplicate of CVE-2021-28372. Connected sources describe CVE-2021-28372 (ThroughTek Kalay Platform) as a device impersonation vulnerability: with a valid 20-byte UID, an attacker can register a malicious device to hijack client connections and obtain credentials, enabling remot...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/18 3:48 p.m.46 views

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit SDK, which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 CVSS score: 9.6 and...

9.1CVSS8.6AI score0.02575EPSS
Exploits1
ThreatPost
ThreatPost
added 2021/08/17 4:20 p.m.62 views

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things IoT devices – one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and...

8.3CVSS8.6AI score0.02575EPSS
Exploits1References14
FireEye
FireEye
added 2021/08/17 12:0 p.m.114 views

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency “CISA” that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020,...

7.6CVSS8.5AI score0.02575EPSS
Exploits1References11
Rows per page
Query Builder