CVE-2015-8254

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...

CVE-2015-8253

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive 1 message or 2 MJPEG video data by sniffing the network...

CVE-2015-8252

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

Hardcoded credentials

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

Design/Logic Flaw

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...

CVE-2015-8253

CVE-2015-8253 affects RSI Video Technologies Videofied Frontel protocol (pre-3) where initial AES authentication is followed by unencrypted traffic. The vulnerability allows a remote attacker to sniff plaintext messages and MJPEG video data, exposing sensitive information. The issue is rooted in ...

CVE-2015-8254

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...

CVE-2015-8254

The CVE-2015-8254 entry concerns RSI Video Technologies’ Frontel protocol used by Videofied devices. A vulnerability exists in Frontel prior to protocol version 3 where messages are sent without integrity protection, enabling a remote attacker to spoof messages and potentially initiate false alar...

CVE-2015-8252

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

CVE-2015-8252

The CVE-2015-8252 issue affects RSI Video Technologies Videofied Frontel protocol (pre-3). The vulnerability stems from a pre-shared key that is entirely derived from the device serial number, which is transmitted in clear text. An attacker can sniff the network, recover the device serial number,...

RSI Video Technologies Frontel Hard-Coded Encryption Vulnerability

RSI Video Technologies Frontel is a suite of receiver software for monitoring Videofied wireless video alarm systems from the French company RSI Video Technologies. A security vulnerability exists in RSI Video Technologies Frontel that stems from the program's use of a pre-shared key that is...

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...