Throughtek: >> Kalay Platform Security Vulnerabilities
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVSS Score
8.1
EPSS Score
0.004
Published
2024-05-15
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-05-15
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-05-15
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-05-15