Owletcare: >> Cam 2 Firmware Security Vulnerabilities
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVSS Score
8.1
EPSS Score
0.004
Published
2024-05-15
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-05-15
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-05-15