Описание
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.
Ссылки
- MitigationThird Party Advisory
- ExploitMitigationThird Party Advisory
- Broken LinkVendor Advisory
- MitigationThird Party Advisory
- ExploitMitigationThird Party Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
EPSS
8.3 High
CVSS3
7.6 High
CVSS2
Дефекты
Связанные уязвимости
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.
Уязвимость средства разработки Kalay P2P SDK, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю скомпрометировать устройства IoT и получить несанкционированный доступ к защищаемой информации
EPSS
8.3 High
CVSS3
7.6 High
CVSS2