ICSA-21-166-01 · Published 2021-06-15
ThroughTek P2P SDK
CVSS 9.1 (CRITICAL)
Risk Summary
ThroughTek supplies multiple original equipment manufacturers of IP cameras with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such as camera audio/video feeds.
CVEs (1)
Remediations
- If the SDK is version 3.1.10 or above, enable AuthKey and DTLS.
- If the SDK is any version prior to 3.1.10, upgrade the library to v3.3.1.0 or v3.4.2.0 and enable AuthKey/DTLS.
- Additional information can be found in ThroughTek's advisory.
Affected Vendors
ThroughTek
Affected Products (5)
- ThroughTek · P2P Software Development Kit · * (that does not use AuthKey for IOTC connection)
- ThroughTek · P2P Software Development Kit · <= 3.1.5
- ThroughTek · P2P Software Development Kit · * (with nossl tag)
- ThroughTek · P2P Software Development Kit · * (using P2PTunnel or RDT module)
- ThroughTek · P2P Software Development Kit · * (using the AVAPI module without enabling DTLS mechanism)
Affected Sectors
Communications