NewsSecurity Vulnerabilities

Multi Vendor Security Camera Feeds Exposed Due to Flaw in SDK [CVE-2021-32934]

CVE Number – CVE-2021-32934

The affected ThroughTek P2P products do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

ThroughTek has discovered that many customers have incorrectly implemented their SDK or have disregarded their SDK version updates.

ThroughTek recommends original equipment manufacturers to implement the following mitigations:

  • If SDK is Version 3.1.10 and above, enable authkey and DTLS.
  • If SDK is any version prior to 3.1.10, upgrade library to v3.3.1.0 or v3.4.2.0 and enable authkey/DTLS.

Additional information can be found in ThroughTek’s advisory

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.