ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK...
8.1CVSS
6.8AI Score
0.0004EPSS
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative...
4.3CVSS
6.8AI Score
0.0004EPSS
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data...
9.1CVSS
7.5AI Score
0.001EPSS
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access...
8.3CVSS
8.1AI Score
0.003EPSS