CVE-2020-9525

Published: Aug 10, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices.

Affected (1)

Products: Cs2 Network: P2p

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cs2 Network P2p	Up to 3.0.3a

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://hacked.camera

Source: cve@mitre.org

Third Party Advisory

https://redprocyon.com

Source: cve@mitre.org

Third Party Advisory

https://hacked.camera

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://redprocyon.com

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.