46 matches found
EUVD-2021-15055
Malware in sbrugna...
EUVD-2021-19655
Malware in sbrugna...
EUVD-2023-58566
Malicious code in bioql PyPI...
EUVD-2023-58565
Malicious code in bioql PyPI...
CVE-2021-32934
The affected ThroughTek P2P products SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module do not sufficiently protect data...
CVE-2021-28372
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...
ThroughTek P2P SDK Cleartext Transmission of Sensitive Information (CVE-2021-32934)
ThroughTek supplies multiple original equipment manufacturers of IP cameras & recorders with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds. This plugin only...
ThroughTek Kalay P2P SDK Improper Access Control (CVE-2021-28372)
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...
IoT Cameras Exposed by Chainable Exploits, Millions Affected
By Deeba Ahmed A recent discovery of 4 security flaws in ThroughTek's Kalay platform leaves millions of IoT devices exposed. This article explores the security risks to your connected home and the broader threat to IoT devices. Act now – secure your smart devices! This is a post from HackRead.com...
CVE-2023-6324
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6324
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6323
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
CVE-2023-6323
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
CVE-2023-6324
ThroughTek Kalay SDK (used in Owlet Cam, Wyze Cam v3, Roku Indoor Camera SE) has a DTLS PSK handling flaw: it uses a predictable PSK value when an unexpected PSK identity is encountered, potentially exposing protected information. Related sources cite affected Kalay SDK versions (3.x to 4.x) and ...
CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6323
CVE-2023-6323 affects ThroughTek Kalay SDK, where the SDK does not verify the authenticity of received messages, enabling an attacker to impersonate an authoritative server. Documentation consistently identifies this as a message-authentication failure with impact on confidentiality (through pote...
CVE-2023-6323 ThroughTek Kalay SDK insufficient verification of message authenticity
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
CVE-2023-6323 ThroughTek Kalay SDK insufficient verification of message authenticity
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
ThroughTek Kalay Platform 数据伪造问题漏洞
Throughtek ThroughTek Kalay Platform is an application from China IOT Intelligence throughtek Inc. The Kalay Cloud Platform service is enabled using P2P technology. A data forgery issue vulnerability exists in ThroughTek Kalay Platform versions prior to 4.3.4.2, which stems from a vulnerability...