Vulnerability Description
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC connection, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Throughtek | Kalay P2P Software Development Kit | <= 3.1.5 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2021-32934?
CVE-2021-32934 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC connection, firmware using AVAPI module without enabling...
How severe is CVE-2021-32934?
CVE-2021-32934 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-32934?
Check the references section above for vendor advisories and patch information. Affected products include: Throughtek Kalay P2P Software Development Kit.