CVE-2021-32934

Summary

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

Affected Software

VendorProductVersion RangeStatus
ThroughTekP2P SDKall with nossl tagaffected
ThroughTekP2P SDKfirmware using AuthKey for IOTC connectionunaffected
ThroughTekP2P SDKfirmware using AVAPI module without enabling DTLS mechanismaffected
ThroughTekP2P SDKfirmware using P2PTunnel or RDT moduleaffected
ThroughTekP2P SDKAll <= 3.1.5affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References