CVE-2015-8254

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...

CVE-2015-8253

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive 1 message or 2 MJPEG video data by sniffing the network...

CVE-2015-8252

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

Hardcoded credentials

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

Design/Logic Flaw

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...

CVE-2015-8252

The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number...

CVE-2015-8253

CVE-2015-8253 affects RSI Video Technologies Videofied Frontel protocol (pre-3) where initial AES authentication is followed by unencrypted traffic. The vulnerability allows a remote attacker to sniff plaintext messages and MJPEG video data, exposing sensitive information. The issue is rooted in ...

CVE-2015-8252

The CVE-2015-8252 issue affects RSI Video Technologies Videofied Frontel protocol (pre-3). The vulnerability stems from a pre-shared key that is entirely derived from the device serial number, which is transmitted in clear text. An attacker can sniff the network, recover the device serial number,...

CVE-2015-8254

The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to 1 initiate a false alarm or 2 deactivate an alarm by modifying the client-server data stream...

CVE-2015-8254

The CVE-2015-8254 entry concerns RSI Video Technologies’ Frontel protocol used by Videofied devices. A vulnerability exists in Frontel prior to protocol version 3 where messages are sent without integrity protection, enabling a remote attacker to spoof messages and potentially initiate false alar...

RSI Video Technologies Frontel Hard-Coded Encryption Vulnerability

RSI Video Technologies Frontel is a suite of receiver software for monitoring Videofied wireless video alarm systems from the French company RSI Video Technologies. A security vulnerability exists in RSI Video Technologies Frontel that stems from the program's use of a pre-shared key that is...

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...