ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information
CVE-2021-32934

9.1CRITICAL

Key Information:

Vendor: Throughtek
Status: P2p Sdk
Vendor: CVE Published:; 19 May 2022

What is CVE-2021-32934?

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

P2P SDK all with nossl tag

P2P SDK firmware using AVAPI module without enabling DTLS mechanism

P2P SDK firmware using P2PTunnel or RDT module

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-166-01

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 19, 2022
Vulnerability Reserved
May 13, 2021

Credit

Nozomi Networks reported this vulnerability to CISA.

JSON

Throughtek

What is CVE-2021-32934?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.