Kalay Platform

kalay_platform

Vendor: Throughtek • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6324 4Owletcare RokuThroughtek+1 more 5Cam 2 Firmware Cam FirmwareCam V3 Firmware+2 more Feb 11, 2025 May 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVE-2023-6323 4Owletcare RokuThroughtek+1 more 5Cam 2 Firmware Cam FirmwareCam V3 Firmware+2 more Feb 11, 2025 May 15, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVE-2023-6322 3Roku ThroughtekWyze 3Cam V3 Firmware Indoor Camera Se FirmwareKalay Platform Feb 11, 2025 May 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-...Show more A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.Show less
CVE-2023-6321 2Owletcare Throughtek 3Cam 2 Firmware Cam FirmwareKalay Platform Feb 11, 2025 May 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vuln...Show more A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.Show less