2 matches found
Code injection
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...
CVE-2021-28372
CVE-2021-28372 affects ThroughTek’s Kalay Platform (Kalay Platform 2.0) and Kalay P2P SDK. The root cause is a device impersonation flaw: an attacker who obtains a valid 20-byte Kalay UID can register or hijack a device on the Kalay network, causing client connections to be redirected and enablin...