14 matches found
EUVD-2019-2920
Malware in sbrugna...
CVE-2022-38970
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...
Design/Logic Flaw
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...
CVE-2022-38970
Summary (CVE-2022-38970) : The ieGeek IG20 hipcam RealServer V1.0 is reported vulnerable due to a predictability flaw in the UID generation algorithm used by Shenzhen Yunni Technology iLnkP2P, leading to Incorrect Access Control and the ability for remote attackers to establish direct connections...
CVE-2022-38970
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...
2 Million IoT Devices Vulnerable to Complete Takeover
Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws. The attack stems from peer-to-peer P2P communication technolo...
Code injection
The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices...
CVE-2019-11220
An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...
CVE-2019-11219
The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices...
Authentication flaw
An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...
CVE-2019-11220
CVE-2019-11220 describes an authentication flaw in Shenzhen Yunni Technology’s iLnkP2P that enables remote attackers to intercept user-to-device traffic in cleartext, including video streams and device credentials. The vulnerability stems from weaknesses in the iLnkP2P implementation, exposing de...
CVE-2019-11219
The algorithm used to generate device IDs UIDs for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices...
CVE-2019-11219
CVE-2019-11219 covers a UID-generation weakness in Shenzhen Yunni Technology’s iLnkP2P that makes device IDs predictable. This enables remote attackers to enumerate online devices and establish direct connections, bypassing typical network boundaries due to lack of authentication/encryption in af...
P2P Weakness Exposes Millions of IoT Devices
A peer-to-peer P2P communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of...